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systems,  antiterrorism  officials  say,  page  6 
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Whether  it's  viewed  as  a  reliable  workhorse  or  an 
undocumented  disaster,  old  code  needs  special 
attention,  reports  Gary  H.  Anthes.  Page  27 
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Wachovia  Turns  to 
Outsourcing  to  Cut  Costs 

Bank  looks  to  trim  spending  on  application  support  by  15%  to  20% 


BY  THOMAS  HOFFMAN 

Wachovia  Corp.  is  planning  to 
outsource  support  for  dozens 
of  back-office  applications  to 
three  global  IT  services  ven¬ 
dors  in  a  move  that’s  expected 
to  help  the  nation’s  fourth- 
largest  bank  reduce  its 
application  support  costs 
by  up  to  20%. 

Jean  Davis,  head 
of  operations,  IT  and 
e-commerce  at  the  bank, 
declined  to  say  what  per¬ 
centage  of.  Wachovia’s  2,600 
full-time  and  500  to  750  con¬ 
tract  programmers  could  be 
affected  by  the  outsourcing 
deals.  She  did  confirm,  howev¬ 
er,  that  the  deals  “could  impact 


Supreme  Court  says 
cable  operators  don’t 
have  to  share  lines 

BY  MATT  HAMBLEN 

The  Supreme  Court’s  ruling 
on  broadband  Internet  access 
policies  last  week  won  praise 
from  network  operators.  But  it 
was  condemned  by  consumer 
groups  as  well  as  some  busi¬ 
nesses  that  use  broadband 
connections  for  remote  and 
home  office  connections  and 
for  WAN  backup  links. 

“I  don’t  understand  how  the 
ruling  could  mean  there  will 
be  more  competition  to  foster 


15%  to  20%”  of  Wachovia’s  an¬ 
nual  application  support  costs. 

Bill  Bradway,  an  analyst  at 
IDC’s  Financial  Insights  divi¬ 
sion  in  Framingham,  Mass., 
estimated  that  Wachovia  could 
generate  $40  million  to  $50 
million  in  annual  cost 
savings  if  450  of  its 
full-time  and  contract 
programmers  were 
displaced. 

Davis  said  the  con¬ 
tracts  are  expected  to 
be  in  place  by  late  August  or 
early  September.  The  bank’s 
latest  outsourcing  strategy  has 
evolved  since  last  year,  when 
Wachovia  Chairman  and  CEO 
G.  Kennedy  Thompson 


more  growth  of  broadband,” 
said  Jay  Shell,  a  senior  tele¬ 
communications  specialist  at  a 
Michigan-based  bank  with  300 
branches  and  mortgage  offices 
nationwide.  Shell,  who  asked 
that  the  bank  not  be  named, 
called  the  court’s  decision  “a 
wolf  in  sheep’s  clothing”  and 
predicted  that  the  cost  of 
broadband  services  “absolute¬ 
ly”  will  go  higher. 

Broadband,  page  37 

READ  THE  DECISION 

Go  online  to  download  the  Supreme 

Court’s  opinions  on  broadband  access: 

QuickLink  a6410 
www.computerworld.com 


directed  the  firm  to  begin 
evaluating  the  offshore  out¬ 
sourcing  approaches  that  oth¬ 
er  large  U.S.  financial  institu¬ 
tions  had  taken,  Davis  said. 

As  part  of  the  evaluation, 
Wachovia  last  fall  sent  a  dele¬ 
gation  of  IT,  operations  and 
business  leaders  to  India  and 
Costa  Rica  to  meet  with  sever¬ 
al  offshore  services  providers. 

“The  starting  point  was 

Wachovia,  page  13 


Antitrust  Case 
Could  Be  Hard 
Sell  for  AMD 

Intel  suit  has  potential 
to  lower  PC  costs,  but 
proof  may  be  elusive 

BY  PATRICK  THIBODEAU 

IT  managers  can  hope  that 
Advanced  Micro  Devices  Inc.’s 
antitrust  lawsuit  against  Intel 
Corp.  leads  to  lower  PC 
prices.  But  the  only  thing  they 
likely  can  count  on  is  a  long 
wait  before  the  case  reaches 
any  kind  of  conclusion. 

Looking  to  break  what  it 
claims  is  Intel’s  chokehold  on 
the  corporate  PC  market, 

AMD  last  week  said  it  will  try 
to  speed  the  case  to  a  trial  in 
U.S.  District  Court  in  Dela¬ 
ware  within  18  months.  Ana¬ 
lysts  warned,  though,  that  the 
charges  will  be  hard  to  prove. 

AMD,  page  37 


Broadband  Decision  Pleases 
Vendors,  Irks  Some  IT  Pros 
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The  Samsung  242MP  display.  Explore  more  of  what’s  » 

One  look  and  you’ll  see  how  the  combination  of  a  computer  display  <M 
can  become  your  ultimate  source  of  knowledge.  And  why  Samsung  i: 
brand  in  the  world.-  So  when  you’re  serious  about  business,  turn  on  a 
yourself  on  to  a  whole  new  way  of  seeing  things,  www.samsung.corr 

102005  Samsung  Electronics  America,  Inc.  Samsung  is  a  registered  trademark  of  Samsung  Electronics  Co..  Ltd..-  ' 

I  ,  mngp  Simulated.  Global  market  share  leader  based  on  2004  iSuppll  Corporation  Rating.. 
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Employee  Development 
On  a  Shoestring 

In  the  Management  section:  IT  Mentor 
David  Putrich,  a  recently  retired  3M 
IT  manager,  explains  how  to  develop 
the  careers  of  IT  employees  without 
breaking  the  bank.  Page  32 
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Rights  of  Passage 

In  the  Technology  section:  Enterprise 
rights  management  systems  allow  compa¬ 
nies  to  protect  critical  content  from  unau¬ 
thorized  users  while  distributing  it  to 
those  who  need  to  see  it.  Page  17 
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6  Information  sharing  among 
U.S.  government  agencies  is 
improving,  but  more  is  need¬ 
ed  to  help  prevent  future  ter¬ 
rorist  attacks,  officials  say. 

7  IBM  releases  autonomic 
computing  technology  to 
speed  up  IT  troubleshooting. 

7  Major  vendors  drive  develop¬ 
ment  of  a  road  map  for  using 
Web  services  in  systems  man¬ 
agement. 

8  Q&A:  ChoicePoint  CIS0  Rich 
Baich  discusses  the  recent 
theft  of  data  from  his  firm. 

8  The  Payment  Card  Industry 

data  security  standard,  backed 
by  Visa  and  MasterCard,  goes 
into  effect  amid  concerns 
about  compliance. 

9  Cisco  is  struggling  to  imple¬ 
ment  a  hosted  CRM  system 
from  Salesforce.com,  accord¬ 
ing  to  a  research  report. 

9  EDS  is  threatened  with  legal 
action  by  the  U.K.’s  tax  agency. 

12  Global  Dispatches:  Microsoft 

joins  forces  with  six  Japanese 
universities  to  broaden  and 
deepen  its  software  research. 

12  Recent  data  compromises  in 

India  have  renewed  attention 
on  offshore  security  practices. 

13  Q&A:  The  co-author  of  Out¬ 
sourcing  America  says  he’s 
worried  that  U.S.  political  and 
business  leaders  are  sitting 
on  their  hands  as  the  country 
loses  its  next  generation  of 
potential  entrepreneurs. 


22  Neither  Rain  Nor  Sleet  Nor 
. . .  Hurricanes.  A  Florida 
berry  supplier  looks  for  a  way 
to  ensure  e-mail  continuity 
during  emergencies,  like 
Hurricane  Charley. 

24  Future  Watch:  Internet  Pio¬ 
neer  Looks  Ahead.  Leonard 
Kleinrock,  who  developed 
packet  switching,  envisions 
smart  handhelds  featuring 
haptic  interfaces  but  warns 
of  out-of-control  complexity. 

25  Security  Manager’s  Journal: 
Eyeing  an  Opening  for  Open- 
Source.  C.J.  Kelly  is  surprised 
when  her  boss  takes  an  inter¬ 
est  in  exploring  some  open- 
source  security  options. 
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27  Love  That  ‘Legacy.’  Legacy 
software  is  alive  and  well. 
Some  companies  still  swear 
by  their  old  systems,  while 
others  have  found  ways  to 
offload  their  spaghetti  code 
while  still  benefiting  from  it. 

30  Think  Tank:  Forrester  Re¬ 
search  says  most  corporate 
Web  home  pages  are  abysmal; 
and  a  book  suggests  it’s  time 
to  move  beyond  “business 
alignment”  into  “business- 
technology  convergence.” 

33  Career  Watch:  The  Veterans 
Affairs  department’s  CIO  dis¬ 
cusses  a  program  to  hire  dis¬ 
abled  veterans.  Plus,  a  study 
assesses  the  value  of  an  MBA, 
and  a  humorist  takes  a  wry 
look  at  the  best  vacation  you 
never  took. 


10  On  the  Mark:  Mark  Hall  re¬ 
ports  on  a  software  vendor 
that  thinks  Web-based  tech¬ 
nology  provides  a  better  way 
to  poll  oversurveyed  IT  and 
business  execs  about  issues 
such  as  customer  satisfaction. 

14  Don  Tennant  feels  a  lot  of  dis¬ 
gust  about  the  Intel-AMD  sit¬ 
uation,  and  it  isn’t  all  directed 
at  Intel. 

14  Bruce  A.  Stewart  takes  note 
of  a  CIO  who’s  hunkering 
down  but  has  his  eye  on  the 
bigger  picture. 

15  Thornton  A.  May  identifies 
the  skills  that  next-generation 
IT  leaders  think  they  are  go¬ 
ing  to  need. 

26  Douglas  Schweitzer  is  happy 
that  businesses  and  govern¬ 
ments  are  finally  getting  seri¬ 
ous  about  crimes  against  in¬ 
tellectual  property. 

34  Paul  Glen  is  often  asked, 
“What  should  I  do  with  use¬ 
less  people?”  First,  he  says, 
define  useless. 

38  Frankly  Speaking:  Frank 

Hayes  thinks  most  people 
missed  how  tech-savvy  the 
Supreme  Court  sounded  last 
week  when  it  handed  down  its 
Grokster  decision. 
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Seven  Common  Security  Mistakes 
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From  Tapes  to  Bits: 

Digital  Asset  Management 
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offs  and  concessions  with  Sun  Microsystems 
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fulfill  its  current  business  vision  and  future 
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world.com  offers  a  quick  and  witty  summary 
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Microsoft,  IBM 
Settle  Antitrust  Suit 

Microsoft  Corp.  will  pay  IBM 
S775  million  and  give  it  another 
$75  million  in  credit  under  an  an¬ 
titrust  settlement  reached  by  the 
two  companies.  The  settlement 
resolves  claims  arising  from  the 
U.S.  government’s  antitrust  case 
against  Microsoft,  which  found 
that  IBM  was  hurt  by  Microsoft’s 
anticompetitive  practices. 

The  settlement  also  resolves 
most  other  IBM  antitrust  claims, 
including  those  related  to  OS/2 
and  the  company’s  SmartSuite 
products.  IBM’s  claims  of  harm  to 
its  server  hardware  and  server 
software  businesses  are  not  cov¬ 
ered  by  the  settlement.  IBM  did 
agree  not  to  make  claims  for 
server  damages  for  two  years  and 
said  that  it  won’t  try  to  recover 
damages  on  server  claims  made 
before  June  30,  2002. 


Prosecutors  Revise 
Kumar  Indictment 

Prosecutors  have  filed  a  super¬ 
seding  indictment  that  includes 
more  details  about  former  CEO 
Sanjay  Kumar’s  alleged  partic¬ 
ipation  in  the  “35-day  month” 
accounting  fraud  at  Computer 
Associates  International  Inc. 

A  number  of  former  CA  officials, 
including  the  ousted  chief  finan¬ 
cial  officer  and  general  counsel, 
have  pleaded  guilty  to  charges  re¬ 
lated  to  the  fraud,  which  the  com¬ 
pany  has  admitted.  The  revised 
indictment  offers  additional  evi¬ 
dence  against  Kumar. 

Sun  Agrees  to 
Buy  SeeBeyond 

Sun  Microsystems  Inc.  has  agreed 
tc  buy  SeeBeyond  Technology 
Corp.  for  3337  million  in  cash  in 
an  effort  to  boost  its  business  in¬ 
tegration  software  business.  Sun 
also  disclosed  that  it  is  likely  to 
buy  additional  integration  soft¬ 
ware  vendors.  Sun  and  See¬ 
Beyond  claimed  that  there  is  little 
overlap  between  their  respective 
product  lines.  The  purchase  is  ex¬ 
pected  to  close  this  fall. 


Information  Sharing 
Key  to  U.S.  Security 


Top  gov’t  officials 
say  IT  can  drive 
improvements 

BY  GRANT  GROSS 

NEW  ORLEANS 

HE  U.S.  GOVERNMENT 
is  getting  better  at 
sharing  information 
among  the  various 
agencies  that  are  responsible 
for  protecting  the  nation 
against  terrorism,  but  IT  can 
help  drive  more  improve¬ 
ments,  top-ranking  antiterror¬ 
ism  officials  said  last  week. 

Two  federal  officials  told 
a  crowd  of  about  450  that 
mostly  included  federal,  state 
and  local  workers  who  deal 
with  domestic  security  issues 
that  the  government  has  im¬ 
proved  its  information-sharing 
capabilities  since  the  Sept.  11, 
2001,  terrorist  attacks. 

“We’re  not  there  yet.  We’re 
getting  there,”  said  Donna  Bu- 
cella,  director  of  the  FBI’s  Ter¬ 
rorist  Screening  Center. 

Bucella  and  Daniel  Oster- 
gaard,  executive  director  of  the 
Homeland  Security  Advisory 
Council  in  the  Department  of 


Homeland  Security  (DHS), 
both  touched  on  IT  during 
speeches  at  the  fourth  annual 
Government  Symposium  on 
Information  Sharing  and 
Homeland  Security  here. 

Better  sharing  of  informa¬ 
tion  among  government  agen¬ 
cies  is  key  to  preventing  future 
terrorist  attacks  on  the  U.S., 
Ostergaard  said.  “Either  stop  it 
before  it  happens,  or  you’re 
cleaning  it  up  afterward,”  he 
said.  “I’m  focused  on  stopping 
it  before  it  happens.” 

Critical  Protections 

Ostergaard  cited  Internet- 
based  control  systems  for  wa¬ 
ter  treatment  plants  as  an  ex¬ 
ample  of  how  IT  systems  can 
be  used  to  better  protect  the 
so-called  critical  infrastruc¬ 
ture  systems  in  the  U.S.  While 
workers  in  many  water  treat¬ 
ment  plants  can  check  the  sta¬ 
tus  of  on/off  valves  with  Web- 
based  programs,  more  pieces 
of  the  critical  infrastructure 
need  systems  that  can  pin¬ 
point  problems  and  quickly 
find  work-arounds,  he  said. 

The  government  has  deter¬ 
mined  that  the  nation’s  critical 


HWe  need  a 
system  that’s 
self-aware,  resilient, 
self-restorative  and 
protects  the  critical 
infrastructure. 


DANIEL  OSTERGAARD, 

EXECUTIVE  DIRECTOR,  HOMELAND 
SECURITY  ADVISORY  COUNCIL 

infrastructure  has  17  compo¬ 
nents,  including  the  electrical 
grid,  the  food  supply  chain  and 
the  water  supply.  Ostergaard 
advocated  more  use  of  auto¬ 
mated  systems  to  protect  them. 

“We  need  a  system  that’s 
self-aware,  resilient,  self¬ 
restorative  and  protects  the 
critical  infrastructure,”  he  said. 
“If  something  does  happen,  it 
has  to  be  self-restorative.” 

Bucella  expressed  concern 
about  the  small  $29  million 
IT  budget  for  the  Terrorist 
Screening  Center.  “I  didn’t 
realize,  and  I  don’t  think  any¬ 
body  realized  when  we  got 
into  this,  how  much  the  IT  de¬ 
velopment  costs,”  she  said. 

In  addition  to  some  aging 


critical  infrastructure,  the 
DHS  faces  a  number  of  other 
challenges  in  sharing  informa¬ 
tion,  Ostergaard  said. 

As  government  agencies  try 
to  move  away  from  tightly 
guarding  information,  it’s  now 
possible  that  they  will  share 
too  much  information  and 
flood  local  police  and  other 
public  safety  workers  with  too 
much  data,  Ostergaard  said. 

The  Terrorist  Screening 
Center  must  maintain  up-to- 
date  terrorist  watch  lists  and 
provide  those  lists  to  law  en¬ 
forcement  agencies,  border 
guards  and  transportation  se¬ 
curity  agents.  Since  2001,  the 
center  has  had  to  pull  together 
12  different  government  data¬ 
bases,  many  of  which  listed 
common  criminals  as  well  as 
terrorism  suspects,  into  a 
comprehensive  watch  list  that 
can  provide  police  officers 
with  real-time  data  about  a 
subject,  such  as  someone 
pulled  over  in  a  traffic  stop. 

The  center  is  looking  at 
commercial,  off-the-shelf  soft¬ 
ware  to  meet  many  of  its  IT 
needs  and  is  working  on  de¬ 
veloping  software  to  share 
with  other  agencies,  Bucella 
said.  “Wouldn’t  it  be  great  if 
we  could  all  use  the  same  sys¬ 
tem?”  she  said.  “That’s  really 
it:  connectivity.”  O  55317 


Gross  is  a  reporter  for  the 
IDG  News  Service. 


FBI  Rolling  Out  Data  Exchange  Network 

NEW  ORLEANS 


THE  FBI  plans  to  roll  out  a  re¬ 
gional  information-sharing  net¬ 
work  in  the  Seattle  area  on  Aug. 
1,  the  second  such  network  the 
bureau  will  put  in  place  this  year. 

The  Seattle  rollout  of  the  Re¬ 
gional  Data  Exchange,  or  R-DEx, 
follows  the  launch  of  a  similar 
network  in  the  St.  Louis  area  in 
February,  said  R.  Scott  Crabtree, 
section  chief  of  the  Field  Intelli¬ 
gence  Section  at  the  FBI’s  Direc¬ 
torate  of  Intelligence. 

Crabtree  detailed  the  R-DEx 
project  and  a  sister  national  proj¬ 
ect  called  N-DEx  at  the  fourth  an¬ 
nual  Government  Symposium  on 
Information  Sharing  and  Home¬ 
land  Security  here  last  week. 


R-DEx  allows  federal,  state 
and  local  law  enforcement  agen¬ 
cies  to  tie  their  investigative 
databases  together,  providing 
the  same  information  to  all  law 
enforcement  officers  with  access 
to  the  database,  Crabtree  said. 

In  the  St.  Louis  area,  the  FBI, 
the  Illinois  State  Police,  the  Mis¬ 
souri  State  Highway  Patrol,  the 
St.  Louis  Metropolitan  Police,  the 
St.  Louis  County  Police  and  the 
St.  Clair  County  Sheriff’s  Depart¬ 
ment  can  share  information,  the 
FBI  said.  The  R-DEx  and  N-DEx 
programs  stem  from  an  August 
2004  presidential  order  calling 
for  improved  cooperation  be¬ 
tween  federal  law  enforcement 
and  domestic  security  agencies 


and  state  and  local  police. 

R-DEx  and  N-DEx  are  built  on 
a  version  of  XML,  which  ensures 
that  multiple  organizations  can 
participate,  Crabtree  said. 

In  addition,  he  said,  the  sys¬ 
tems  are  built  with  commercial, 
off-the-shelf  software.  An  FBI 
spokeswoman  couldn’t  provide 
details  on  the  software.  Crabtree 
said  the  packages  allow  investi¬ 
gators  to  retrieve  text  and  map- 
based  information. 

Using  commercial  software 
will  allow  the  FBI  to  later  replace 
the  installed  packages  with  com¬ 
peting  products  that  may  otter 
better  features,  and  it  lets  region¬ 
al  groups  copy  the  FBI’s  work  for 
a  minimal  cost,  Crabtree  said. 

R-DEx  allows  law  enforcement 
agents  to  search  across  partici¬ 


pating  databases  for  investigative 
information.  For  example,  a  feder¬ 
al  agent  who  suspects  that  an  at¬ 
tack  on  a  chemical  plant  is  possi¬ 
ble  could  search  several  databas¬ 
es  to  find  past  suspects  who  live 
close  to  the  plant,  Crabtree  said. 

R-DEx  includes  a  Web-based 
interface  that  lets  law  officers  log 
in  and  search  using  a  “Google- 
like”  interface,  he  said. 

The  FBI  plans  to  roll  out  12  to  18 
regional  data-exchange  systems  in 
pilot  programs  in  coming  months, 
according  to  Crabtree.  It  also  plans 
to  expand  the  systems  by  adding 
investigative  information  from  sev¬ 
eral  federal  agencies,  including  the 
Drug  Enforcement  Administration, 
the  U.S.  Marshals  Service  and 
the  Federal  Bureau  of  Prisons. 

-  Grant  Gross 
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IBM  Adds  Autonomic  Tools 
To  Speed  Up  Error  Detection 

Automating  analysis  of  system  logs 
reduces  IT  troubleshooting,  users  say 


BY  PATRICK  THIBODEAU 

IBM  last  week  released  auto¬ 
nomic  computing  technology 
that’s  designed  to  automate 
the  process  of  searching 
through  error  logs  to  deter¬ 
mine  why  a  system  has  failed. 

Two  users  who  are  testing 
the  multivendor  offering  said 
the  promised  ability  to  quickly 
analyze  multiple  system  logs 
and  identify  failure  points  is 
no  small  thing.  Done  manual¬ 
ly,  that  work  is  laborious  and 
eats  up  IT  staff  time,  they  said. 

Steve  Peltzman,  CIO  at  the 
Museum  of  Modern  Art  in 
New  York,  described  the  auto¬ 
nomic  tools  as  a  “retrofit”  to 
his  existing  IBM-based  Web 
commerce  systems  frame¬ 
work.  “It’s  doing  a  mundane 


task  intelligently  —  it’s  like  a 
robot  that  uses  a  vacuum 
cleaner,”  Peltzman  said. 

IBM  embraced  the  concept 
of  autonomic  computing  in 
2001  with  the  goal  of  creating 
systems  that  can  manage 
themselves,  take  corrective  ac¬ 
tions  and  even  respond  to  se¬ 
curity  threats.  Other  vendors 
are  also  pursuing  the  technol¬ 
ogy,  but  it’s  still  nascent. 

Development  Imperative 

Peter  Stone,  a  professor  of 
computer  science  at  the  Uni¬ 
versity  of  Texas  at  Austin,  was 
one  of  the  speakers  at  the  sec¬ 
ond  International  Conference 
on  Autonomic  Computing  last 
month  in  Seattle.  Stone  said 
last  week  that  autonomic  com¬ 


puting  will  develop  gradually 
and  that  initial  efforts  will  be 
along  the  lines  of  the  add-on 
capabilities  that  IBM  is  build¬ 
ing  for  existing  systems. 

But  creating  systems  that 
can  configure,  manage,  diag¬ 
nose  and  heal  themselves  “just 
has  to  happen,”  Stone  said.  “As 
systems  are  becoming  more 
complex,  the  amount  of  time 
and  money  spent  on  system 
administration  is  just  going 
through  the  roof.  That  can’t 
continue.” 

IBM’s  error-log  analyzer, 
which  is  being  offered  through 
its  services  unit,  supports  the 
Web  Services  Distributed 
Management  standard,  which 
was  recently  ratified  by  the 
Organization  for  the  Advance¬ 
ment  of  Structured  Informa¬ 
tion  Standards.  IBM  has  been 
driving  the  development  of 
WSDM  along  with  Hewlett- 


MORE  FROM  IBM 


As  part  of  its 
autonomic  computing 
initiative,  IBM  also: 

■  Introduced  a  service  for 
speeding  up  SAP  deployments 

and  improving  system  utilization 
rates  and  resource  sharing  be¬ 
tween  SAP  applications. 

■  Upgraded  an  online  auto¬ 
nomic  computing  tool  kit  for 
developers  by  adding  wider 
Java  support  and  new  software 
that  enables  self-management 
on  larger  applications. 

Packard  Co.  and  Computer 
Associates  International  Inc. 
(see  related  story  below). 

Dave  Bartlett,  vice  president 
of  autonomic  computing  at 
IBM,  said  the  company  has 
built  adapters  that  can  parse 
log  files  into  the  WSDM  for¬ 
mat  for  a  variety  of  servers, 
storage  devices  and  other 
equipment  from  top  vendors. 

Thomson  SA’s  Camarillo, 
Calif.-based  Technicolor  divi¬ 
sion  is  testing  IBM’s  Accelera¬ 
tor  for  Service  Management 
for  Problem  Determination 


technology  on  its  digital  asset 
management  system.  When 
system  errors  occur,  the  mes¬ 
sages  that  get  generated  are 
often  ambiguous,  said  Carey 
Capaldi,  who  manages  the 
Technicolor  system. 

The  autonomic  tool  ties  all 
the  logs  together,  which  lets 
Capaldi  see  the  relationships 
between  system  technologies 
and  pinpoint  where  problems 
occurred.  Using  the  tool  has 
increased  system  trouble¬ 
shooting  speeds  by  20%  to 
40%,  he  said. 

Capaldi  said  the  next  phase 
in  the  months  ahead  is  for 
IBM  to  try  to  couple  the  log 
analysis  features  with  self- 
healing  capabilities  that,  for 
instance,  could  automatically 
restart  a  server  in  a  way  that 
works  in  concert  with  storage 
devices  and  other  equipment. 
That  would,  for  example,  en¬ 
able  overnight  processing  jobs 
that  are  stopped  by  a  system 
failure  to  resume  running  au¬ 
tomatically  instead  of  waiting 
for  manual  repairs  that  might 
not  be  done  until  the  morning, 
he  noted.  ©  55350 


Vendors  Team  Up  on  Systems  Management  Road  Map 


HP,  IBM,  CA  see 
simplified  process 
built  around  Web 
services,  new  tools 

BY  MATT  HAMBLEN 

At  a  grid  computing  conference 
in  Chicago  last  week,  Hewlett- 
Packard  Co.,  IBM  and  Com¬ 
puter  Associates  International 
Inc.  presented  a  jointly  writ¬ 
ten  road  map  for  delivering  IT 
resource  management  features 
based  on  Web  services. 

The  road  map  outlines  the 
progress  made  on  various 
standards  dating  back  to  1999, 
and  it  describes  emerging 
Web  services  specifications 
that  are  expected  to  lead  to 
the  development  of  new  man¬ 
agement  tools  over  the  next 
three  years,  said  William  Vam- 
benepe,  a  management  soft¬ 
ware  technologist  at  HP. 

Vambenepe  was  one  of  five 
authors  of  the  21-page  report, 


which  is  dated  June  2  but 
made  its  first  public  appear¬ 
ance  last  week.  The  document 
details  a  common  technology 
approach  that’s  designed  to 
simplify  the  process  of  manag¬ 
ing  existing  systems  and  IT  in¬ 
stallations  based  on  service- 
oriented  architectures  (SOA). 

IT  tasks  that  will  have  to  be 
taken  into  account  as  part  of 
advanced  systems  manage¬ 
ment  scenarios  include  provi¬ 
sioning,  policy-based  manage¬ 
ment,  unified  resource  discov¬ 
ery,  resource  virtualization 
and  utility  computing,  accord¬ 
ing  to  the  road  map. 

WSDM  Evolving 

CA,  IBM  and  HP  also  are 
driving  the  development  of 
Web  Services  Distributed 
Management,  one  of  the  new 
standards  mentioned  in  the 
road  map.  Software  based  on 
WSDM  was  run  on  a  Black- 
Berry  handheld  as  part  of  a 
demonstration  at  last  week’s 


New  SOA 
Services 

■  HP  announced  a  suite  of 
seven  SOA  consulting  ser¬ 
vices  and  the  opening  of 
four  centers  in  the  U.S., 
India,  France  and  Japan 
that  will  help  users  build 
and  manage  SOAs. 

■  IBM  said  it  will  give  busi¬ 
ness  partners  building 
SOAs  for  customers  free 
access  to  WebSphere  and 
Rational  tools  and  help 
them  with  training,  plan¬ 
ning  and  marketing. 


event,  Global  Grid  Forum  14. 

Microsoft  Corp.  is  building 
a  similar  specification  with 
help  from  other  vendors. 
“Technically,  Microsoft  is  not 
very  far  from  where  we’re  go¬ 
ing,”  Vambenepe  said.  “We 
don’t  expect  one  model.  There 
are  lots  of  models.” 


WSDM,  which  in  March  was 
approved  by  the  Organization 
for  the  Advancement  of  Struc¬ 
tured  Information  Standards 
in  Billerica,  Mass.,  defines  a 
basic  set  of  manageability  fea¬ 
tures  for  tasks  such  as  identi¬ 
fying  IT  resources  and  the  re¬ 
lationships  between  pieces  of 
equipment. 

In  a  statement,  Microsoft 
said  the  Web  Services  Man¬ 
agement  specification  it’s  co¬ 
authoring  with  Dell  Inc.,  Intel 
Corp.  and  other  vendors  is  be¬ 
ing  designed  to  work  on  small, 
resource-constrained  devices 
in  addition  to  larger  systems. 

But  last  week’s  BlackBerry 
demonstration  proved  that 
WSDM  code  can  work  on  a 
small  device,  according  to 
Vambenepe.  “WSDM  has  no 
problems  scaling  down,”  he 
said,  adding  that  the  BlackBer¬ 
ry  demo  code  was  created  by 
IBM.  HP  has  written  its  own 
code  for  its  iPaq  handhelds. 

Jason  Bloomberg,  an  analyst 


at  ZapThink  LLC  in  Waltham, 
Mass.,  said  the  road  map  helps 
demonstrate  that  progress  is 
being  made  on  technology  for 
Web  services  and  SOAs.  “In 
general,  all  the  vendors  realize 
they  have  to  play  along  with 
interoperability,”  Bloomberg 
said.  “Politics  still  could  get 
in  the  way.  But  customers  get 
upset  with  vendors  that  don’t 
interoperate.” 

He  added  that  although 
management  tools  supporting 
some  of  the  upcoming  stan¬ 
dards  should  emerge  within 
three  years,  they  “will  defi¬ 
nitely  be  early-adopfer  prod¬ 
ucts.”  ©  55349 


Correction 

IN  LAST  WEEK’S  special  report 
on  the  100  3est  Places  to  Work 
in  IT  for  2005,  the  listing  of 
the  winners  incorrectly  referred 
to  Jacksonville,  Fla.-based 
Nemours  as  a  chemical  com¬ 
pany.  Nemours,  which  was 
No.  98  on  the  list,  operates  a 
pediatric  health  care  system 
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Cisco  Buys  Security 
Software  Maker 

Cisco  Systems  Inc.  has  agreed  to 
pay  S30  million  for  start-up  Net- 
Sift  Inc.,  a  maker  of  deep  packet 
processing  technology  that’s  de¬ 
signed  to  detect  network  attacks 
as  they  happen.  Founded  in  June 
2004,  NetSift  employs  15  people. 
Cisco  will  fold  NetSift  into  its  In¬ 
ternet  systems  business  unit. 


CA  to  Add  Acquired 
Firewall  to  eTrust 

Computer  Associates  International 
Inc.  said  it  has  acquired  Tiny  Soft¬ 
ware  Inc.  and  will  add  Tiny’s  fire¬ 
wall  software  to  its  eTrust  security 
portfolio.  Tiny’s  staff  of  fewer  than 
20  people  has  joined  CA.  The 
company  plans  to  use  Tiny’s  fire¬ 
wall  technology  in  its  Integrated 
Threat  Management  platform, 
which  is  due  to  be  unveiled  later 
this  year.  Financial  terms  of  the 
deal  weren’t  disclosed. 


Oracle  Q4  Revenue 
Grows  by  26% 

Oracle  Corp.  reported  a  big  jump 
in  revenue  for  its  fourth  quarter 
that  was  driven  by  its  merger  with 
PeopleSoft  and  strong  sales  in  all 
product  categories.  Oracle  would 
not  break  out  specific  results  from 
the  PeopleSoft  business. 
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Hacker  Breaches 
UConn  Server 


The  University  of  Connecticut  said 
a  server  with  persona!  data  on 
72,000  students,  faculty  and  staff 
was  breached  last  month.  The 
server  contained  personal  infor¬ 
mation,  including  names.  Social 
Security  numbers  and  campus  ad- 
sjsss.  The  breach  was  discov¬ 
er;  UConn’s  ST  department 
notified  fay  a  nonuniversity 
corpsratSon  that  an  invalid  log-on 
attest  had  originated  from  a 
UCofin  computer. 


Tech  Alone  Can’t  Stop  Security 
Breaches,  Says  ChoicePoint  CISO 

Responding  to  criticism  in  wake  of  Feb. 
incident,  Baich  says  issue  transcends  Ff 


BY  JAIKUMAR  VIJAYAN 

A  massive  data  compromise  at 
ChoicePoint  Inc.  earlier  this 
year  has  made  the  Alpharetta, 
Ga.-based  data  aggre¬ 
gator  a  target  for  those 
calling  for  tougher 
data-protection  laws 
[QuickLink  52719].  In 
an  interview  with  Com- 
puterworld,  Rich  Baich, 
ChoicePoint’s  chief  in¬ 
formation  security  offi¬ 
cer,  talked  about  the 
breach,  the  measures  that 
have  been  put  in  place  since 
then  and  the  inherent  lessons 
for  other  CISOs. 

You  have  in  the  past  said  that 
what  happened  at  ChoicePoint 
was  not  really  a  security  breach. 
Then  what  was  it?  It  all  comes 
down  to  how  you  define  a 
breach  and  how  you  define 
an  incident.  This  was  fraud. 
Someone  fraudulently  provid¬ 
ed  authentication  to  the  sys¬ 
tem.  It’s  no  different  than 
credit  card  theft  and  credit 
card  fraud.  Those  are  never 
referenced  as  IT-related  is¬ 
sues,  though  they  happen  mil¬ 
lions  of  times  every  year. 
People  are  trying  to  point  to  a 
person,  when  we  really  need 
to  be  looking  at  things  as  an 
industry. 

But  wouldn’t  better  IT  controls 
have  helped?  Sure.  As  an  indus¬ 
try,  I  think  we  have  gotten  bet¬ 
ter  with  our  fraud  analytics 
tools.  There’s  technology  that 
can  do  geographic  IP  loca¬ 
tions.  There  is  some  technol¬ 
ogy  that  can  help  mitigate  the 
risk  —  not  stop  it. 

So  are  you  doing  anything  differ¬ 
ently  now?  Yes.  We  are  looking 
at  our  entire  credentialing 
process,  the  entire  business 
process  and  how  it’s  being 
done.  We  are  looking  at 
putting  additional  technolo¬ 


gies  in  place  and  [at]  the  way 
we  do  business  with  others. 

What’s  the  take-away  from  that 
whole  incident?  What’s 
your  advice  for  CISOs?  If 

you  are  going  to  have 
this  role  at  a  time  when 
there  is  really  no  firm 
guidance,  make  sure  you 
have  selected  a  model 
to  implement.  If  you 
have  selected  a  model 
and  you  are  implement¬ 
ing  a  program  around  that 
model,  you  can  be  successful. 

Why  are  we  hearing  about  so 
many  major  data  compromises 
these  days?  What’s  happening? 

In  general,  more  organizations 
are  reporting  it.  But  I  also 
think  the  processes  and  the 
technologies  have  matured  so 


Some  merchants 
are  concerned 
about  compliance 

BY  JAIKUMAR  VIJAYAN 

A  data  security  standard  for 
all  merchants  handling  credit 
card  data  went  into  effect  last 
week  amid  concerns  over  po¬ 
tential  implementation  and 
compliance  validation  snags. 

Analysts  said  many  of  the 
banks  and  merchants  that  must 
adhere  to  the  Payment  Card 
Industry  (PCI)  standard, 
backed  by  MasterCard  Interna¬ 
tional  Inc.  and  Visa  U.S.A.  Inc., 
lack  the  resources  and  capa¬ 
bilities  to  meet  its  provisions. 

In  addition,  many  mer¬ 
chants  remain  unsure  of  what 
they  must  do  to  meet  the 
standard,  which  was  created 
jointly  by  several  credit  card 
associations.  And  many  of 
the  so-called  acquiring  banks, 


that  they  are  now  realizing  it. 
You  have  to  remember,  an  in¬ 
cident  is  an  incident  only  if  it’s 
reported.  So,  as  frightening  as 
it  is,  there  is  also  a  positive 
end  to  it  because  at  least  the 
people  are  catching  it. 

Will  the  concern  generated  by  the 
recent  spate  of  data  compromis¬ 
es  inevitably  result  in  more  man¬ 
dated  controls?  When  people 
want  to  put  controls  in  place, 
it  may  be  difficult,  because 
what  controls  do  you  put  for 
what  kind  of  information?  The 
incidents  have  caused  a  new 
focus  within  many  organiza¬ 
tions,  and  I  think  in  the  long 
run,  that  itself  will  help  miti¬ 
gate  future  risk. 

Are  companies  looking  at  compli¬ 
ance  requirements  more  as  a 
baseline  set  of  controls  they  have 
to  meet  from  a  security  stand¬ 
point,  or  as  the  ceiling?  I  think 
every  company  is  always 


which  decide  whether  specific 
merchants  are  eligible  to  ac¬ 
cept  credit  cards,  often  lack 
the  expertise  to  ensure  mer¬ 
chant  compliance  with  PCI, 
analysts  said. 

Merger  of  Programs 

The  standard  unifies  two 
previously  separate  sets  of  re¬ 
quirements:  Visa’s  Cardholder 
Information  Security  Program 
and  MasterCard’s  Site  Data 
Protection  Program. 

Under  PCI,  all  companies 
that  accept  credit  cards  must 
comply  with  12  security-related 
requirements  that  call  for, 
among  other  things,  encrypted 
transmission  of  cardholder 
data,  periodic  network  scans, 
logical  and  physical  access 
controls,  and  activity  monitor¬ 
ing  and  logging. 

The  acquiring  banks  face 
fines  of  up  to  $500,000  per 
incident  if  credit  card  data  is 


evolving  to  be  stronger  in 
their  own  maturity  model 
when  it  comes  to  security.  We 
have  tried  to  stay  ahead  of  the 
curve.  But  the  toughest  part 
about  legislation  right  now  is 
you  don’t  know  where  it’s 
coming  from  and  you  don’t 
know  what  to  expect. 

You  just  released  a  book  on  what  it 
takes  to  win  as  a  CISO.  So,  what 
does  it  take  to  be  successful? 

Winning  is  about  getting  a  seat 
at  the  boardroom  table  and 
becoming  a  true  member  of 
the  senior  executive  team.  It’s 
when  you  are  able  to  intertwine 
security  into  every  business 
aspect.  It’s  about  leaning  more 
toward  risk  rather  than  talking 
about  security.  O  55320 


READ  MORE  ONUNE 

Visit  our  Web  site  to  read  an  extended 
version  of  our  interview  with  Baich: 

QuickLink  55247 
www.computerworld.com 


found  to  be  compromised. 

While  analysts  agree  that 
the  PCI  standard  incorporates 
some  sound  security  prac¬ 
tices,  the  credit  card  industry 
must  quickly  address  its  prob¬ 
lems.  For  example,  for  most 
merchants,  compliance  is 
based  on  self-assessments 
rather  than  on  third-party  au¬ 
dits,  said  Ivan  Remsik,  an  ana¬ 
lyst  at  Cambridge,  Mass.- 
based  Forrester  Research  Inc. 

Only  the  largest  merchants 
—  those  processing  more  than 
6  million  MasterCard  or  Visa 
transactions  annually  —  must 
submit  to  costly  PCI  compli¬ 
ance  audits,  Remsik  said. 

“Security  is  not  something 
that  can  be  assessed  in  20  to  30 
minutes  with  a  self-assessment 
questionnaire.  It  would  be 
very  difficult  to  determine 
whether  a  merchant  is  telling 
the  truth”  without  more  con¬ 
trols,  he  said. 


New  Credit  Card  Security  Rule  Takes  Effect 


ij 

- 


Reading  someone  else’s  copy  of  COMPUTERWORLD  ? 


v 


Apply  for  your  own 

FREE 

subscription  today. 


FREE  subscription 

(51  issues) 

Apply  online  at: 

cwsubscribe.com/b05 


j 


cwsubscribe.com/b05 


COMPUTERWORLD 

Apply  for  your  own  FREE  subscription  today! 


cwsubscribe.com/b05 


(A  $99."  value  -  yours  FREE) 


www.computerworld.com 


NEWS 


Salesforce.com  CRM  Rollout  at  Cisco  Said  to  Slow 


Research  firm: 
Project  is  9  months 
behind  schedule 

BY  MARC  L.  SONGINI 

What  once  looked  to  be  a  mar¬ 
quee  deployment  of  hosted 
CRM  software  at  Cisco  Sys¬ 
tems  Inc.  is  now  the  subject  of 
a  damning  report  from  an  eq¬ 
uities  research  firm  that  says 
the  project  has  stalled. 

In  a  note  published  on  June 
22,  analysts  from  JMP  Securi¬ 
ties  LLC  said  that  a  deploy¬ 
ment  of  hosted  CRM  software 
from  San  Francisco-based 
Salesforce.com  Inc.  had  been 
delayed. 

Salesforce.com  signed  a 
deal  with  Cisco  during  the 
second  half  of  2004  that  called 
for  an  initial  rollout  of  up  to 
2,000  seats  and  a  later  installa¬ 
tion  of  as  many  as  10,000  seats 
by  this  June,  according  to  San 
Francisco-based  JMP. 

End-user  resistance  and  in¬ 
tegration  challenges  forced 
the  deal  to  be  renegotiated  so 
that  the  rollout  is  staggered. 


An  even  bigger  issue  is  that 
most  acquiring  banks  lack 
the  expertise  to  monitor  com¬ 
pliance  with  PCI,  said  Avivah 
Litan,  an  analyst  at  Gartner 
Inc.  in  Stamford,  Conn. 

“There  are  some  really  good 
security  principles  in  PCI,” 
she  said.  “The  problem  is  that 
acquiring  banks  are  in  way 
over  their  heads  when  it 
comes  to  implementation.” 

Credit  card  associations  like 
MasterCard  and  Visa  have 
also  been  vague  on  several  as¬ 
pects  of  the  standard,  Litan 
said.  For  instance,  there  are  no 
clear  directives  on  how  and 
when  penalties  will  be  as¬ 
sessed,  she  said. 

“There  are  so  many  ques¬ 
tions  that  our  clients  want 
answered,  but  there’s  no  one 
to  answer  them,”  Litan  said. 
“You  just  can’t  plunk  down  a 
security  standard  and  simply 
walk  away.” 

MasterCard  and  Visa  did 
not  respond  to  requests  for 
comment.  ©  55351 


Completion  is  now  set  for 
March  2006,  the  report  said. 

Salesforce.com  confirmed 
that  Cisco  is  a  customer  but  de¬ 
clined  to  comment  on  the  size 
or  status  of  the  implementation. 
Cisco  also  declined  to  com¬ 
ment,  citing  a  policy  of  not  talk¬ 
ing  about  vendor  relationships. 

Some  analysts  said  the  re¬ 
port  calls  into  question  Sales- 
force.com’s  ability  to  handle 
large  implementations. 

So  far,  according  to  JMP, 
only  1,000  seats  are  running 
the  software,  and  Cisco  is  due 
to  review  the  deployment. 

The  JMP  analysts  said  “due 
diligence”  in  their  research 
found  that  Cisco  users  have 
been  slow  to  embrace  the  sys¬ 
tem  because  it  doesn’t  support 
tools  that  handle  tasks  such  as 
territory  management,  ad¬ 
vanced  account  hierarchies 
and  forecasting. 

Cisco  IT  staffers  are  strug¬ 
gling  to  link  the  Salesforce.- 


BY  MARC  L.  SONGINI 

A  U.K.  government  agency  has 
threatened  Electronic  Data 
Systems  Corp.  with  legal  action 
to  recoup  some  of  the  monies 
lost  as  a  result  of  a  troubled 
tax  credit  management  soft¬ 
ware  system. 

Her  Majesty’s  Revenue  & 
Customs  (HMRC)  department 
is  threatening  a  lawsuit  to  re¬ 
cover  part  of  an  estimated 
$3.5  billion  in  overpayments  to 
taxpayers  that  were  caused  in 
part  by  technical  glitches  in  a 
credit  system  designed  and 
implemented  by  EDS  under  a 
contract  with  the  agency. 

The  system  was  built  to 
guarantee  that  accurate  cred¬ 
its  were  awarded  to  families 
who  have  children  or  were  be¬ 
low  certain  income  levels. 

HMRC  declined  to  disclose 
EDS’s  specific  role  in  building 
or  supporting  the  system,  or  the 
amount  it  would  seek  to  recov¬ 
er,  citing  the  pending  litigation. 


com  software  with  those  tools 
and  are  questioning  the  wis¬ 
dom  of  relying  on  so  heavily 
customized  a  hosted  applica¬ 
tion,  the  report  said. 

Cisco  is  also  coping  with 
unexpected  change  manage¬ 
ment  and  training  issues, 
forcing  the  company  to  throw 
more  resources  at  the  project. 

“Last,”  said  the  note,  “we  be¬ 
lieve  that  [Cisco]  executive 
support  for  the  Salesforce.com 
service  may  be  waning  due  to 
some  changes  in  the  business 
operations  leadership  as  well 
as  a  sense  among  the  sales 
leadership  that  it’s  not  worth 
rocking  the  sales  operations 
for  a  new  software  vendor.” 

Salesforce.com  declined  to 
comment  on  any  details  of  the 
report,  but  it  issued  a  state¬ 
ment  that  said,  “Salesforce.- 
com  has  consistently  been 
ranked  at  the  top  of  the  class 
as  it  relates  to  customer  satis¬ 
faction,  and  we’ll  continue  to 


By  far,  most  of  the  overpay¬ 
ments  were  the  result  of  pro¬ 
cedural  errors,  according  to  the 
agency.  The  remaining  over¬ 
payments,  which  the  agency  is 
seeking  to  recover  from  EDS, 
were  the  result  of  processing 
and  technical  glitches.  The 
amount  of  those  particular 
overpayments  wasn’t  disclosed. 

Overall,  the  agency  has  said 
that  so  far  about  $90  million  has 
been  deemed  unrecoverable. 

Plano,  Texas-based  EDS 
implemented  the  system,  but 

H  Court  pro¬ 
ceedings  will 
begin  if  and  when 
those  discussions 
[with  EDS]  do 
not  satisfactorily 
resolve  the  dispute. 

HMRC  STATEMENT 


work  hard  with  Cisco  and  all 
of  our  other  customers  to  en¬ 
sure  that  remains  the  case.” 

Rebecca  Wettemann,  an  an¬ 
alyst  at  Nucleus  Research  Inc. 
in  Wellesley,  Mass.,  raised 
questions  about  the  hosted 
software’s  ability  to  support 
deployments  of  more  than 
2,000  seats.  “There’s  nothing 
wrong  with  the  platform,  but 


KEY  ISSUES 

Salesforce.com 
Problems  at  Cisco 

J  Users  have  been  slow  to 
adopt  the  system. 

j  Integration  work  is  causing 
problems  for  Cisco  IT  per¬ 
sonnel. 

j  Change  management  is 
more  difficult  than  expected. 

-i  Problems  are  causing  users 
to  revert  to  old  CRM  system. 


after  its  support  contract  ex¬ 
pired  in  June  2004,  EDS  rival 
Capgemini  was  hired  by 
HMRC  to  take  over. 

“HMRC  now  has  a  new  IT 
partner,  the  system  is  working 
well,  and  discussions  are  on¬ 
going  with  EDS  about  com¬ 
pensation  for  past  failures,” 
the  agency  said  in  a  statement. 
“Court  proceedings  will  begin 
if  and  when  those  discussions 
do  not  satisfactorily  resolve 
the  dispute.” 

Performance  Problems 

Citing  potential  litigation, 
HMRC  representatives  de¬ 
clined  to  go  into  the  specifics 
of  the  system  or  the  technical 
problems  involved. 

A  July  2003  House  of  Com¬ 
mons  Treasury  Committee  re¬ 
port,  however,  said  the  EDS- 
built  credit  processing  system 
suffered  performance  problems 
as  it  took  feeds  from  other  sys¬ 
tems.  In  addition,  the  commit¬ 
tee  report  said  that  the  IT  staff 
found  response  times  to  be  in¬ 
ordinately  slow,  which  caused 
the  system  to  be  brought 
down  several  times  a  day. 

A  U.K.-based  EDS  spokes- 


U.K.  Tax  Agency  Mulls 
Lawsuit  Against  EDS 
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it’s  not  proven  that  it’s  a  CRM 
solution  that  scales,”  she  said. 

In  a  report  last  month  based 
on  a  survey  of  29  Salesforce.- 
com  customers,  Wettemann 
indicated  that  the  larger  com¬ 
panies  using  the  software  typi¬ 
cally  do  so  on  a  divisional  lev¬ 
el  with  deployments  that  don’t 
exceed  1,000  seats. 

Salesforce.com,  however, 
claims  that  it  has  had  a  number 
of  successful  large  deployments 
at  major  companies,  such  as 
the  one  at  Corporate  Express 
Inc.,  a  Broomfield,  Colo.-based 
provider  of  office  and  comput¬ 
er  products  and  services. 

“We  have  had  no  issues  with 
scalability  in  our  environment, 
as  evidenced  by  the  rapid  roll¬ 
out  of  our  first  2,500  users 
over  the  last  year,”  said  Mark 
Newhall,  vice  president  for 
customer  care  and  quality  sys¬ 
tems  at  Corporate  Express,  in 
an  e-mail  message. 

Corporate  Express  uses  a 
customized  version  of  Sales- 
force.com  to  support  sales  and 
collaboration  efforts.  ©  55346 


man  declined  to  comment  on 
any  specifics  of  the  situation. 
“These  discussions  continue, 
and  we’re  putting  our  best  re¬ 
sources  on  them  with  the  aim 
of  making  sure  we  get  to  the 
point  where  there  is  an  agree¬ 
ment  that’s  mutually  accept¬ 
able  around  the  tax  credits 
issue,”  he  said. 

EDS’s  reputation  could  be 
harmed  if  the  agency  proceeds 
with  the  lawsuit,  said  John 
O’Brien,  an  analyst  at  London- 
based  research  firm  Ovum 
Ltd.  In  a  note  published  on 
June  21,  he  said  EDS  has  been 
rebuilding  its  reputation  in  the 
U.K.  public  sector  since  losing 
the  tax  agency’s  contract  to 
Capgemini  last  year. 

The  company  got  a  big 
boost  in  rehabilitating  its  im¬ 
age  when  it  won  a  $7.7  billion 
IT  services  revamp  contract 
with  the  U.K.  Ministry  of  De¬ 
fence  last  March  [QuickLink 
52897]. 

However,  O’Brien  noted 
that  “this  ghost  of  EDS’s  past 
just  won’t  go  away”  and  that 
the  company  must  be  careful 
about  how  it  handles  the  situa¬ 
tion.  ©  55330 
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SAP  Extends  Oracle 
Migration  Plan 

In  a  move  to  attract  more  cus¬ 
tomers  from  Oracle  Corp.,  SAP  AG 
is  extending  its  Safe  Passage  mi¬ 
gration  program  to  include  small 
and  midsize  enterprises  world¬ 
wide.  SAP  and  its  mySAP  All-in- 
One  channel  partners  will  provide 
companies  running  PeopleSoft 
and  J.D.  Edwards  software  a  mi¬ 
gration  path  to  nearly  600  mySAP 
All-in-One  applications. 


Corel  Names  Former 
IBM  Executive  CEO 

Corel  Corp.  has  named  former  IBM 
executive  David  Dobson  its  CEO. 
He  replaces  Amish  Mehta,  who 
takes  over  as  chairman.  Mehta  be¬ 
came  interim  CEO  in  August  2003, 
when  Corel  was  acquired  by  Vec¬ 
tor  Capital  Corp.  Dobson  held  sev¬ 
eral  posts  in  his  20  years  at  IBM, 
most  recently  corporate  vice  presi¬ 
dent  in  charge  of  strategy. 


Judge  Lets  SCO 
Lawsuit  Proceed 

The  SCO  Group  Inc.’s  slander  law¬ 
suit  against  Novell  Inc.  is  now  set 
to  enter  the  discovery  phase  after 
the  judge  in  the  bitter  battle  denied 
a  second  Novell  motion  to  dismiss 
the  case.  SCO  filed  the  suit  in  Jan¬ 
uary  2004,  arguing  that  it  owns 
the  rights  to  the  Unix  and  Unix¬ 
Ware  copyrights.  SCO  is  seeking 
damages  from  what  it  says  are 
Novell’s  false  claims  about  owning 
the  Unix  source  code. 


Accenture  Wins 
Army  Contract 

The  U.S.  Army  has  awarded  Ac¬ 
centure  Ltd.  a  10-year,  $537  mil¬ 
lion  contract  to  build  and  support 
new  financial  systems  that  will 
allow  the  Army  to  better  track  its 
income  and  spending.  The  Army’s 
Program  Executive  Office  for  En¬ 
terprise  Information  Systems  said 
Accenture  was  selected  over  four 
unnamed  vendors  to  build  the  ser¬ 
vice’s  new  General  Fund  Enter¬ 
prise  Business  System. 


EONTHEMARK 


HOT  TECHNOLOGY  TRENDS,  NEW  PRODUCT 
NEWS  AND  INDUSTRY  BUZZ  BY  MARK  HALL 


Harried  IT  Execs  Are 
Being  Hounded  by . . . 

. . .  pollsters  who  desperately  want  to  pick  their  brains. 

“After  doctors,  IT  guys  are  the  most  surveyed  guys 
in  the  country”  observes  Jeff  Henning,  chief  operat¬ 
ing  officer  at  Perseus  Development  Corp.  in  Brain¬ 
tree,  Mass.  Your  popularity  among  researchers  often 


makes  you 
reluctant  to 
answer  their 
endless 
queries,  he 
says.  The 
longtime 
market  re¬ 
search  expert 
claims  that 
it’s  even 
worse  in 
England, 
where  he  recalls  having  to 
bribe  IT  managers  “with  40- 
year-old  bottles  of  scotch”  to 
get  them  to  complete  re¬ 
search  studies.  While  dusty 
jugs  of  pricey  booze  may  get 
your  attention,  handing  them 
out  isn’t  cost-effective  for  the 
researchers.  Still,  question 
you  they  must,  argues  Hen¬ 
ning,  “because  [businesses] 
don’t  have  the  deep  relation¬ 
ships  with  individual  cus¬ 
tomers  that  [they]  once  did.” 
To  help  companies  survey 
customers  about  satisfaction 
levels  or  future  needs  with¬ 
out  abusing  their  precious 
time,  Perseus  sells  Web-based 
software  that  centrally  man¬ 


ages  the  entire  research 
process.  The  company’s  Sur- 
veySolutions/EFM  1.4  up¬ 
grade  ships  next  week  with 
improved  trend-data  report¬ 
ing,  added  question  libraries 
and  a  host  of  other  updated 
features.  Pricing  starts  at 
$40,000. 

Dump  road  warriors’ 
docking  stations . . . 

. . .  and  replace  them  with  USB 
port  replicators.  Matthew 
Chang,  marketing  manager  at 
Addlogix  Inc.  in  Irvine,  Calif., 
boasts  that  his  company’s 
UniXpress  device  needs  only 
a  single  USB  connection  to  a 
laptop  PC  to  handle  signals 
from  your  monitor,  keyboard, 
mouse,  LAN,  printer,  speak¬ 
ers  and  more.  And  you  can  at¬ 
tach  a  second  monitor  to  the 
$179  unit  and  use  it  with  your 
laptop’s  screen  to  create  a 
single  display.  Chang  says 
Addlogix  is  working  on  so- 
called  IP-KVM  technology 
that  lets  you  use  a  PC  across 
the  Internet  as  if  it  were  local. 
That  should  be  ready  in  Sep¬ 
tember,  he  says. 


HENNING 
knows  IT  is 
tired  of 
surveys. 


Free  is 
especi 


;aoq 
ally  i 


jood, 
it  . . . 

. . .  it’s  for  something  useful.  And 

Rosie  Hausler,  vice  president 
of  marketing  at  Nsite  Inc.  in 
Pleasanton,  Calif.,  believes 
you’ll  think  her  company’s  of¬ 
fer  of  free  access  for  100  users 
to  its  Nsite  Starter  Edition  is 
very  practical,  indeed.  The 
online  service  gives  you  tools 
to  manage  IT  service  re¬ 
quests,  work¬ 
ers’  time  off, 
employee  sta¬ 
tus  changes, 
travel  autho¬ 
rization  and 
staff  perfor¬ 
mance  re¬ 
views.  Hauser 
contends  that 
once  you  get 
hooked  on  the  Starter  Edi¬ 
tion,  you’ll  be  back  for  more, 
including  Nsite’s  flagship 
CRM  tools,  which  cost  $20 
per  user  on  a  monthly  basis. 
This  fall,  she  says,  the  compa¬ 
ny  will  add  self-service  tools 
for  creating  business  process 
automation  applications  us¬ 
ing  Nsite’s  predictive  routing 
engine.  The  idea  is  to  help 
automate  enterprise-to-enter- 
prise  activities,  using  busi¬ 
ness  rules  defined  by  your 
business  analysts.  The  best 
news  is  that  users  of  the  ser¬ 
vice  won’t  have  to  bother  IT, 
Hausler  claims.  “There’s  no 
coding,”  she  says.  “It’s  all 
drag-and-drop.” 


HAUSLER  is 
giving  away 
IT  services. 


Sharpen  security 
on  the  edge  of . . . 

...  the  corporate  network  by  “en¬ 
capsulating”  all  corporate  data  on 
mobile  devices.  That’s  the  theo¬ 
ry  behind  Trust  Enterprise 
Secure  (TES)  5.0,  which  is 
due  to  ship  late  this  month 
from  McLean,  Va. -based 
Trust  Digital  Inc.  CEO  Nick 
Magliato  says  the  software 
encrypts  your  applications 
and  their  data  “into  a  corpo¬ 
rate  capsule”  on  a  mobile  de¬ 
vice.  He  notes  that  knowledge 
workers  come  to  work  armed 


with  handhelds,  thumb  drives, 
iPods  and  all  manner  of  gad¬ 
gets,  some  of  which  actually 
help  them  do  their  jobs  but 
all  of  which  can  carry  sensi¬ 
tive  company  info.  TES  can 
secure  the  data,  identify  de¬ 
vices  that  are  trying  to  access 
your  network  and  give  you 
the  power  to  refuse  them  ac¬ 
cess.  For  example,  Maglifito 
claims  that  the  software  will 
let  you  set  a  policy  dictating 
that  only  Palm  handhelds  are 
acceptable  or  that  no  USB  de¬ 
vices  can  connect  to  a  given 
LAN  segment.  The  TES  serv¬ 
er  software  costs  $20,000,  and 
client  licenses  start  at  $100 
per  employee. 


Computer  porn 
problem  persists . . . 

. . .  inside  the  Fortune  500.  Ac¬ 
cording  to  a  survey  conduct¬ 
ed  in  May  by  Atlanta-based 
Delta  Consulting,  half  of 
the  50  executives  who  were 
polled  said  their  companies 
have  had  incidents  in  which 


employees  were  disciplined 
for  maintaining  pornographic 
images  on  their  computers 
[QuickLink  a6330].  That’s 
why  Jack  Sunderlage  argues 
that  IT  needs  to  protect  its 
employees 
from  the 
rude,  crude 
and  possibly 
illegal  im¬ 
ages  circu¬ 
lating  in  the 
workplace. 

Naturally, 
the  CEO  of 
Content- 
Watch  Inc. 
in  Salt  Lake 


70% 

Percentage  of 
U.K.  workers 
with  porn  on 
their  comput¬ 
ers,  says  the 
Chartered 
Institute  of 
Personnel  and 
Development. 


City  wants  you  to  choose 
ContentProtect  2.0  when  it 
ships  this  month.  The  $40- 
per-seat  client  software  pre¬ 
vents  prurient  end  users  from 
reaching  places  deemed  to  be 
porn  sites  by  ContentProtect. 
Sunderlage  claims  the  up¬ 
grade  is  400%  faster  than  the 
current  Version  1.8  and  in¬ 
cludes  improved  mass-de¬ 
ployment  tools.  O  55303 
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Microsoft  Taps  Japan 
For  Software  Research 

TOKYO 

icrosoft  corp.  is  teaming  with 
six  elite  Japanese  universities  in 
a  bid  to  expand  its  software  re¬ 
search,  Bill  Gates,  the  company’s  chair¬ 
man  and  chief  software  architect,  said 
at  a  news  conference  here  last  week. 

The  Microsoft  Institute  for  Japanese 
Academic  Research  Collaboration, 
which  opened  July  1,  will  develop  nat¬ 
ural-language  and  speech  recognition 
software  as  well  as  advanced  user 
interfaces. 

“Software  today  is  very  simple  com¬ 
pared  to  what  it  will  become  in  the  fu¬ 
ture,”  Gates  said.  Voice 
recognition,  visual 
recognition  and  artifi¬ 
cial  intelligence  systems 
“are  still  just  a  dream,” 
he  noted,  adding  that 
companies  such  as  Xe¬ 
rox  Corp.  have  failed  to 
turn  their  research  in¬ 
vestments  into  com¬ 
mercial  products. 

“We  want  to  change 
that  and  keep  a  strong 
relationship  between 


products  and  research,”  he  said. 

Microsoft  will  give  the  institute’s 
researchers  its  latest  software  and  set 
up  fellowships  and  scholarships  to  pro¬ 
mote  the  research,  Gates  said.  He  de¬ 
clined  to  say  how  much  Microsoft  is 
investing  in  the  venture. 

■  PAUL  KALLENDER,  IDG  NEWS  SERVICE 


Trial  of  Sasser  Suspect 
Begins  This  Week 

OOSSELDORF,  GERMANY 

he  trial  of  19-year-old  Sven 
Jaschan,  accused  of  creating  and 
releasing  the  Sasser  worm  respon¬ 
sible  for  crashing  hundreds  of  thou¬ 
sands  of  computers  worldwide  in  May 
2004,  begins  this  week 
in  Verden,  Germany. 

The  student  from 
Waffensen,  Germany, 
was  arrested  in  May  of 
last  year  and  indicted 
in  September.  Jaschan 
has  been  charged  with 
computer  sabotage, 
data  manipulation  and 
disruption  of  public 
systems.  In  Germany, 
computer  sabotage  car¬ 
ries  a  maximum  sen¬ 


tence  of  five  years  in  prison. 

The  Sasser  worm,  which  spread 
quickly  via  the  Internet,  exploited  a 
hole  in  Windows  [QuickLink  49318]. 

In  the  U.S.,  for  example,  Sasser  hit 
unpatched  desktop  systems  at  Ameri¬ 
can  Express  Co.  and  Boston  College 
[QuickLink  46662]. 

German  prosecutors  have  chosen  as 
plaintiffs  three  of  the  country’s  city 
governments  and  a  broadcaster  whose 
systems  were  disrupted  by  Sasser. 

■  JOHN  BLAU,  IDG  NEWS  SERVICE 


India  Distributes  Free 
Software  to  Citizenry 

BANGALORE,  INDIA 

he  government  of  India  plans  to 
provide  CDs  of  free  desktop  soft¬ 
ware  in  22  local  languages  to  all 
of  its  citizens  in  hopes  of  broadening 
computer  use  in  the  country,  especially 
in  rural  areas. 

India’s  Centre  for  Development  of 
Advanced  Computing,  a  Pune-based 
government  organization,  is  already 
distributing  CDs  with  open-source 
software  in  Tamil  and  Hindi,  and  it 
plans  to  release  a  Punjabi-language  ver¬ 
sion  this  summer,  staff  scientist  R.K.V.S. 
Raman  said  last  week.  The  CD  includes 
a  Web  browser,  an  e-mail  client  and 
word  processing  software.  ©  55302 
■  JOHN  RIBEIR0,  IDG  NEWS  SERVICE 


Compiled  by  Mitch  Betts. 


Briefly  Noted 

The  U.K.  Office  for  National  Sta¬ 
tistics  has  incorporated  data  visu¬ 
alization  software  from  Corda  Tech¬ 
nologies  Inc,  in  its  new  Neighbour¬ 
hood  Statistics  Web  site,  the  Lin- 
don,  Utah-based  vendor  announced 
last  week.  Corda's  PopChart  soft¬ 
ware  lets  visitors  use  interactive 
charts  and  graphs  to  view  govern¬ 
ment  data  at  the  local  level. 


Yamagata  Bank  Ltd.,  a  regional 
bank  based  in  Tokyo,  has  selected 
predictive  analytics  software  from 
SPSS  Inc.  to  improve  its  housing 
credit  operations.  Chicago-based 
SPSS  said  last  week  that  the  bank 
plans  to  develop  a  credit  scoring 
system  for  housing  loans. 


Companhia  Vale  do  Rio  Doce 
(CVRD),  the  largest  mining  compa¬ 
ny  in  South  America,  has  awarded 
Quadrem  International  Ltd.  a  five- 
year  contract  for  e-procurement 
services,  the  Plano,  Texas-based 
vendor  said  last  week.  CVRD,  based 
in  Rio  de  Janeiro,  expects  to  elec¬ 
tronically  purchase  100%  of  the 
materials  and  services  it  uses  by 
the  end  of  next  year. 


Alleged  Data  Theft  in  India 
Puts  Spotlight  on  Security 


BY  JAIKUMAR  VIJAYAN 

Recent  data  compromises  in¬ 
volving  outsourcing  vendors 
in  India  are  focusing  renewed 
attention  on  offshore  security 
and  privacy  safeguards.  But  so 
far,  at  least,  they  haven’t  re¬ 
sulted  in  any  calls  for  addi¬ 
tional  controls  from  U.S. 
clients,  according  to  execu¬ 
tives  at  several  Indian  firms. 

The  most  recent  incident 
involved  the  alleged  sale  of 
information  about  more  than 
1,000  U.K.  bank  accounts  to  a 
British  newspaper.  The  data 
was  obtained  by  an  individual 
in  New  Delhi  from  call  center 
contacts  and  sold  to  a  reporter 
from  The  Sun,  according  to  a 
story  that  the  London-based 
tabloid  published  on  June  23. 

That  was  the  second  such 


security  breach  involving  In¬ 
dia’s  call  center  and  business 
process  outsourcing  industry 
to  be  reported  in  recent 
months.  In  April,  12  people, 
including  three  former  call 
center  employees  of  Mumbai- 
based  Mphasis  BFL  Group, 
were  arrested  in  India  for  al¬ 
legedly  defrauding  four  Citi¬ 
bank  account  holders  in  New 
York  of  more  than  $300,000 
[QuickLink  53634]. 

“These  things  are  scary,” 
said  the  vice  president  of  tech¬ 
nology  planning  and  develop¬ 
ment  at  a  large  investment 
management  firm  in  the  U.S. 
The  IT  manager,  who  request¬ 
ed  anonymity,  said  his  compa¬ 
ny  has  outsourced  several  ap¬ 
plication  development  and 
maintenance  projects  to  a  firm 


in  India  and  already  has  sever¬ 
al  security  controls  in  place. 

For  instance,  the  offshore 
team  that  is  doing  the  devel¬ 
opment  work  has  no  access  to 
production  data  and  instead 
works  with  test  and  quality- 
control  information.  All  access 
to  nonpublic  data, 
such  as  Social  Secu¬ 
rity  numbers  and 
account  details,  is 
monitored,  recorded 
and  audited. 

The  company  also 
plans  to  roll  out  an 
event  notification 
and  management 
tool  that  is  designed 
to  give  U.S.  IT 
staffers  even  greater 
visibility  into  what’s  going  on 
at  the  facilities  in  India,  the  IT 
manager  said. 

Those  measures  are  being 
reviewed  as  a  result  of  the  al¬ 
leged  security  breaches,  but 
there’s  no  immediate  plan  to 


add  more  controls,  he  said. 

“A  very  public  security 
breach  like  this  has  naturally 
created  some  concern.  But  it 
has  not  created  any  backlash 
among  customers,”  said  Marc 
Hebert,  executive  vice  presi¬ 
dent  at  Fremont,  Calif. -based 
Sierra  Atlanta  Inc., 
which  has  an  IT  ser¬ 
vices  facility  in  Hy¬ 
derabad,  India. 

Much  of  that  may 
stem  from  the  fact 
that  U.S.  companies 
have  been  requiring 
greater  security  con¬ 
trols  on  the  part  of 
vendors  in  India  for 
some  time  now,  said 
Sumedh  Mehta,  se¬ 
nior  vice  president  of  financial 
services  at  Mumbai-based  Pat- 
ni  Computer  Systems  Ltd. 

Mehta  noted  that  several  of 
Patni’s  customers  in  the  finan¬ 
cial  services  sector  have  a 
laundry  list  of  security  re¬ 


quirements  that  includes  bio¬ 
metric  access  controls,  camera 
surveillance  of  operations 
staff,  two-factor  user  authenti¬ 
cation,  data  encryption,  data¬ 
base  monitoring  and  employee 
background  checks. 

“You  can’t  get  past  the  first 
meeting  without  showing 
what  kind  of  security  mea¬ 
sures  you  have,”  Mehta  said. 
Even  so,  more  incidents  could 
have  an  impact  on  the  level  of 
the  IT  work  that  is  entrusted 
to  Indian  vendors,  he  added. 

In  an  apparent  bid  to  stave 
off  such  concerns,  the  Delhi- 
based  National  Association  of 
Software  and  Service  Compa¬ 
nies  issued  a  statement  saying 
that  it’s  working  with  the  Indi¬ 
an  government  to  toughen 
data  protection  laws.  Nasscom 
also  is  creating  a  centralized 
information  repository  for 
conducting  background 
checks  on  job  applicants 
[QuickLink  53817].  ©  55348 


HEBERT  says  the 
alleged  breach  has 
not  led  to  backlash 
from  customers. 
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Inaction  on  Offshoring  Will 
Hurt  U.S.  IT,  Author  Says 


Hira  claims  that 
job  shifts  threaten 
ability  to  innovate 

BY  PATRICK  THIBODEAU 

U.S.  political 
and  business 
leaders  are  in  a 
state  of  denial 
over  the  impact 
of  offshore  out¬ 
sourcing,  broth¬ 
ers  and  co-au¬ 
thors  Ron  and 
Anil  Hira  argue 
in  their  new  book,  Outsourcing 
America  (Amacom,  2005).  Ron 
Hira,  an  assistant  professor  of 
public  policy  at  the  Rochester 
Institute  of  Technology  in  New 
York,  said  in  an  interview  with 
Computerworld  last  week  that 
some  actions  need  to  be  taken 
in  response  to  the  offshoring 


trend.  Excerpts  from  the  inter¬ 
view  follow: 

By  offshoring  a  lot  of  our  IT  work, 
is  the  U.S.  losing  its  ability  to  in¬ 
novate?  I  personally  think  that 
is  true  in  a  number  of  re¬ 
spects.  You’re  creating  the 
next  generation  of  entrepre¬ 
neurs  overseas.  If  you  look  at 
the  IT  services  firms  in  partic¬ 
ular,  who  are  sort  of  the  first 
movers  in  all  of  this,  they 
don’t  do  a  lot  of  research  and 
development,  but  that  doesn’t 
mean  they’re  not  innovative. 
What  they’re  doing  is  incre¬ 
mental  innovation,  and  a  lot  of 
the  capabilities  are  built  into 
the  learning  the  workers  actu¬ 
ally  gain  [on  projects].  And 
a  lot  of  these  companies  are 
started  by  people  who  have 
worked  at  other  companies. 
You  are  going  to  be  losing  that 


next  generation  of  potential 
entrepreneurs. 

Are  you  worried  that  the  U.S.  is 
going  to  lose  its  ability  to  stay 
ahead  of  the  global  IT  market¬ 
place?  I  don’t  think  we  can  sit 
on  our  hands.  I’m  worried  by 
the  inaction.  We’re  at  a  state 
where  essentially  nothing  has 
happened.  U.S.  companies 

may  succeed,  but  _ _ 

they  won’t  neces¬ 
sarily  succeed 
with  U.S.  workers, 
and  that  concerns 
me  about  our  fu¬ 
ture.  I  do  think  we 
need  to  take  some 
responses  here. 


What  responses  can 
be  taken?  There  are 
some  no-brainer 
responses.  [For  ex- 


ample,]  extending  trade  ad¬ 
justment  assistance  to  services 
workers.  Software  workers 
who  are  displaced  by  trade  — 
and  they  are  clearly  being  dis¬ 
placed  by  trade  —  are  not  eli¬ 
gible  for  trade  adjustment  as¬ 
sistance.  It’s  extended  unem¬ 
ployment  insurance,  health 
care  benefits  and  retraining 
money. 

What  else  should  be  done?  The 

first  step  is  that  we  acknowl¬ 
edge  that  this  causes  prob¬ 
lems.  There  are  a  lot  of  people 
out  there  who  say  that  this 
really  isn’t  a  problem.  One  of 
the  other  things 
that  we  could  be 
doing  is  collecting 
objective  data  on 
this.  The  McKin- 
sey  Global  Insti¬ 
tute,  which  bene¬ 
fits  from  out¬ 
sourcing  and 
which  consults 
L  and  helps  compa- 
f  nies  figure  out 
how  to  outsource 
more,  just  came 


Continued  from  page  1 

Wachovia 

[cost]  savings,  and  we  were 
talking  to  our  peers  in  the 
industry  that  had  made  pro¬ 
ductive  savings  through  off¬ 
shoring  and  could  attest  to 
the  quality  of  the  work,”  said 
Davis. 

The  Charlotte-based  bank, 
which  shared  its  outsourcing 
plans  with  employees  the 
week  of  June  20,  has  taken  a 
course  that  maps  with  those  of 
other  large  banks,  such  as 
ABN  Amro  Bank  NV.  These 
businesses  are  leveraging  la¬ 
bor  arbitrage  and  creating  op¬ 
erational  efficiencies  by  using 
a  “follow  the  sun”  approach  to 
IT  processing,  said  Bradway. 

By  outsourcing  application 
support  to  global  services 
firms  with  regional  capabili¬ 
ties  in,  say,  the  Far  East  and 
Eastern  Europe,  Wachovia  and 
other  banks  “can  quite  easily 
compress  the  time  it  takes  to 
deliver  support  requirements,” 
he  noted. 

Wachovia  successfully  out¬ 


sourced  two  development 
projects  to  an  Indian  firm  in 
the  late  1990s  and  made  use 
of  an  Eastern  European  firm 
to  help  it  integrate  its  broker¬ 
age  systems  with  those  of  Pru¬ 
dential  Securities  following 
the  companies’  July  2003 
merger,  said  Davis. 

Davis  declined  to  name  spe¬ 
cific  applications  throughout 
each  of  the  bank’s  divisions 


that  have  been  targeted  for 
offshoring.  However,  she  did 
say  that  Wachovia  will  not  be 
outsourcing  support  for  core 
production  systems,  nor  will  it 
be  offshoring  support  for  any 
systems  that  contain  sensitive 
customer  information. 

Instead,  the  systems  being 
targeted  by  Wachovia  support 
back-office  operations,  such  as 
applications  that  generate  dai¬ 


ly  reports  or  overnight  proc¬ 
essing  systems,  said  Davis. 

“For  instance,  the  CIO  team 
that  supports  the  retail  bank 
has  selected  maybe  a  dozen 
applications  for  this  first 
round  of  review  out  of  hun¬ 
dreds,”  she  said. 

“Wachovia  isn’t  terribly  dif¬ 
ferent  from  what  a  lot  of  Wall 
Street  firms  have  done,  out¬ 
sourcing  less  time-critical  and 


ABN  Amro  to  Outsource  2,300  IT  Jobs 


ABN  AMRO  BANK  plans  to  out¬ 
source  2,300  IT  jobs  later  this 
year  in  a  continuing  effort  to  cut 
costs,  according  to  insiders  fa¬ 
miliar  with  the  bank’s  plans. 

ABN  Amro  spokesman  Sierk 
Nawijn  confirmed  last  week  that 
the  bank  is  negotiating  several 
outsourcing  contracts  but  de¬ 
clined  to  say  how  many  of  its 
3,500  IT  workers  will  be  affected 
by  the  moves. 

Nawijn  did  say  that  some 
of  the  affected  employees  will 
transfer  to  the  outsourcing  firms. 


The  IT  workforce  has  already 
been  cut  by  1,500  in  recent  lay¬ 
offs,  bringing  the  total  head  count 
to  3,500.  Insiders  expect  ABN 
Amro  to  employ  1,200  IT  workers 
sometime  after  the  outsourcing 
contracts  are  signed  this  fall. 

The  workforce  reduction  is 
part  of  a  plan  to  save  more  than 
$1  billion  annually  [QuickLink 
51619],  ABN  Amro  employs 
97,000  workers  in  3,000 
branches  around  the  world. 

Nawijn  said  ABN  Amro  is  ne¬ 
gotiating  with  several  firms  for 


multiple  outsourcing  contracts. 

The  bank  had  been  in  discus¬ 
sions  with  both  Hewlett-Packard 
Co.  and  IBM  about  outsourcing 
its  IT  infrastructure  but  is  now  in 
talks  only  with  IBM. 

Nawijn  said  the  bank  is  in  ne¬ 
gotiations  with  Accenture  Ltd., 
IBM  and  Indian  companies  Info- 
sys  Technologies  Ltd,,  Patni 
Computer  Systems  Ltd.  and  Tata 
Consultancy  Services  Ltd.  to  out¬ 
source  its  application  develop¬ 
ment  operations. 

ABN  Amro  is  also  in  talks  with 
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out  with  another  study  two 
weeks  ago.  I  don’t  think  that 
we  should  be  relying  on  their 
data  in  order  to  have  a  public 
discussion. 

Will  a  combination  of  business 
and  technical  skills  be  enough  to 
ensure  future  employment  for 
U.S.  IT  workers?  The  labor 
market  here  is  going  to  be  flat 
or  shrink  to  some  extent  in  re¬ 
sponse  to  [offshoring],  unless 
there  is  a  real  increase  in  de¬ 
mand,  and  I  don’t  see  that. 

I’ve  heard  a  lot  of  people  talk 
about  the  need  for  a  mix  of 
business  and  IT  capabilities  — 
just  being  a  good  programmer 
is  not  enough.  If  that  were 
true,  we  would  expect  to  see 
MIS  programs  in  business 
schools  booming  because 
there  would  be  so  many  com¬ 
panies  knocking  on  their  doors 
trying  to  hire  their  graduates. 
The  reality  is,  enrollments  are 
down  significantly  in  those 
MIS  programs,  too.  The  labor 
market  signals  aren’t  there  yet 
that  that’s  where  you  need  to 
be.  ©  55326 


customer-sensitive  [data  pro¬ 
cessing],”  said  Robert  Iati,  an 
analyst  at  The  Tabb  Group  in 
Westboro,  Mass. 

Davis  declined  to  name  the 
three  vendors  Wachovia  is  ne¬ 
gotiating  with  but  said  one  is 
based  in  the  U.S.  and  one  is  in 
India.  She  declined  to  give  the 
location  of  the  third  vendor. 

All  three  offer  global  process¬ 
ing  support,  she  said.  ©  55338 


Infosys  and  Tata  about  outsourc¬ 
ing  its  application  maintenance 
operations,  he  said. 

All  of  the  deals  should  be  done 
around  September,  Nawijn  said. 

Larry  Tabb,  an  analyst  at  The 
Tabb  Group,  said  financial  firms 
are  under  tremendous  cost  pres¬ 
sures  and  need  to  rethink  how 
they  run  their  organizations. 

If  done  right,  Tabb  said,  out¬ 
sourcing  can  reduce  a  compa¬ 
ny’s  costs  and  enable  the  people 
left  within  the  organization  to  fo¬ 
cus  on  the  high-priority  projects 
and  the  things  that  make  a  differ¬ 
ence  to  the  bottom  line. 

-  Linda  Rosancrance 
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AMD:  All  My  Disgust 


IT  WAS  ONLY  a  matter  of  time  before  Ad¬ 
vanced  Micro  Devices  filed  an  antitrust  law¬ 
suit  against  Intel,  alleging  that  its  nemesis  for 
years  has  engaged  in  anticompetitive  practices 
that  bullied  hardware  vendors  into  shunning 
AMD’s  processors.  As  I’ve  mentioned  in  this  space 


before,  you  don’t  have  to 
look  any  further  than  Dell 
to  see  what’s  been  going 
on  [QuickLink  54068]. 

Dare  to  use  AMD  proces¬ 
sors,  and  you’ll  pay  dearly 
by  losing  those  sweet 
pricing  deals. 

It’s  hard  to  fathom  that 
Intel  will  fight  the  allega¬ 
tions  with  a  wholesale 
denial  that  it  uses  strong- 
arm  tactics.  When  a  re¬ 
port  released  in  March  by 
the  Japan  Fair  Trade  Commission 
concluded  that  Intel  contravened 
Japan’s  Antimonopoly  Act  by  com¬ 
pelling  five  major  PC  vendors  to 
either  be  all-Intel  all  the  time  or  cap 
their  use  of  non-Intel  processors  at 
10%,  it  forced  Intel  to  show  its  hand. 
The  company  opted  not  to  officially 
challenge  the  report’s  findings.  Good 
call.  A  lot  of  this  stuff  is  so  blatant 
that  plausible  denial  isn’t  even  an 
option. 

That’s  not  to  say  Intel  won’t  put  up 
a  fight.  It  will  engage  in  the  kind  of 
legal  maneuvering  that  only  obscene 
amounts  of  money  can  buy,  so  that 
the  case  becomes  so  convoluted  that 
it  will  languish  in  legal  limbo  until 
the  Gateway  cows  come  home. 
Meanwhile,  life  will  go  on,  and  hard¬ 
ware  vendors  will  continue  to  be 
beaten  into  submission  with  Intel’s 
pocketbook. 

ITiere’s  a  lot  that’s  disgusting  about 
all  this,  but  only  about  a  third  of  my 
disgust  is  directed  at  Intel.  I’m  pretty 
disgusted,  though,  so  that’s  still  a  lot. 
Watching  out  for  the  best  interests  of 
your  employees  and  shareholders  is 
certainly  commendable,  but  when 
you  do  it  at  the  expense  of  fairness 
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and  respect  for  your 
partners  and  competi¬ 
tors,  you  deserve  all  the 
disdain  you  get. 

Another  third  of  my 
disgust  is  directed  at  the 
wimpy  hardware  ven¬ 
dors  that  allow  them¬ 
selves  to  be  manipulated 
by  Intel.  In  its  48-page 
complaint,  AMD  alleges 
that  in  2001,  Gateway 
CEO  Ted  Waitt  told  an 
AMD  executive  that  his 
company  had  been  offered  “large 
sums”  not  to  do  business  with  AMD. 
“I  have  to  find  a  way  back  to  prof¬ 
itability.  If  by  dropping  you,  I  be¬ 
come  profitable,  that  is  what  I  will 
do,”  the  complaint  claims  Waitt  said. 

Of  course  we  don’t  know  if  Waitt 
really  said  that,  or  anything  like  it. 
But  there’s  little  question  that  hard¬ 
ware  vendor  executives  have  quiv¬ 


ered  and  buckled  to  a  degree  that’s 
downright  embarrassing.  If  they’d 
had  the  fortitude  to  stand  up  to  Intel, 
the  users  who  have  been  clamoring 
for  more  choice  would  have  been 
much  better  served. 

The  final  third  of  my  disgust  is  re¬ 
served  for  AMD.  Its  processor  tech¬ 
nology  is  every  bit  as  good  as  Intel’s, 
and  arguably  better.  The  only  way 
Intel  can  be  successful  in  its  alleged 
attempts  to  bully  vendors  into  shun¬ 
ning  AMD  chips  is  for  there  to  be  a 
perception  among  computer  buyers 
that  AMD’s  products  are  somehow 
inferior.  And  AMD  has  no  one  to 
blame  for  that  perception  but  itself. 
You  can’t  have  technology  that’s  at 
least  on  par  with  Intel’s  and  yet  have 
such  a  pathetically  small  share  of  the 
processor  market,  unless  your  mar¬ 
keting  and  execution  have  been 
mired  in  incompetence  for  years. 

It’s  a  shame  it  had  to  come  this. 
Every  Intel  and  AMD  dollar  that 
goes  into  a  lawyer’s  wallet  is  a  dollar 
that  could  have  gone  into  R&D  to 
make  better  products.  Now  that’s 
disgusting.  0  55310 


BRUCE  A.  STEWART 

Lying  Low, 
And  Thinking 
Big  Picture 

CIOs  ENGAGED  in  the 
long  march  toward  the 
technology-enabled 
enterprise  —  a  journey  that 

can  take  more  than  a  decade  —  try  to 
balance  their  desire  for  dependency  on 
technology  against  the  credibility  of 
the  IT  organization.  Paradoxically, 
though,  you  can  be  too  credible  for 
your  time,  and  you  just  might  have  to 
lose  some  credibility  to  gain  your  long¬ 
term  objectives. 

Let’s  look  at  a  very  successful  com¬ 
pany  in  the  wood  products  business.  It 
deals  in  volume,  looking  to  cut  prices 
per  unit  to  win  business  —  especially 
in  international  markets,  where  compe¬ 
tition  is  fierce  —  and  leverage  its  abili¬ 
ty  to  ship  large  quantities  of  product  to 
lock  in  large  cus¬ 
tomers  that  have 
heavy  demands.  In 
this  company,  IT  isn’t 
even  about  being  a 
basic  service  pro¬ 
vider  —  the  CEO’s 
focus  on  costs  makes 
every  decision  come 
out  as  “How  low  can 
you  go?”  As  a  result, 
in  the  past  year  the 
CIO  has  dismantled 
his  service  desk  op¬ 
eration,  locked  down 
PCs  to  minimize  the 
need  to  intervene, 
forced  further  prod¬ 
uct  duplication  out  of 
his  software  mix  and 
postponed  a  much-needed  upgrade  for 
yet  another  year. 

Why  is  this  CIO  acting  like  this? 
He’s  got  his  eye  on  the  bigger  picture. 
Today,  the  company  can  compete  in 
this  way,  and  the  CIO’s  mandate  is  to 
do  the  bare  minimum.  His  company 
was  involved  in  a  recent  merger  that 
has  forced  him  into  consolidation 
mode,  and  a  merger  of  two  competing 
firms  has  crippled  his  company’s  di¬ 
rect  competitor,  which  was  innovating 
through  technology  usage.  Basic  pari¬ 
ty  with  his  industry  as  it  currently  ex¬ 
ists  is  all  that’s  required,  so  his  archi¬ 
tectural  efforts  are  on  hold.  Increas¬ 
ingly,  the  CIO’s  capabilities  in  the  IT 
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organization  are  going  untested. 

But  his  long-term  picture  is  quite  dif¬ 
ferent.  In  a  few  years,  the  easy  timber- 
lands  the  company  is  currently  “min¬ 
ing”  will  be  gone  and  the  company  will 
need  to  be  more  selective  —  and  a  pro¬ 
gram  of  mill  consolidation  and  repur¬ 
posing  that’s  now  being  developed  will 
have  produced  its  results.  The  compa¬ 
ny  will  start  to  have  more  products  in 
the  mix  than  trains  of  stock  lumber. 
Further  industry  consolidation  and  the 
entry  of  a  new  player  through  acquisi¬ 
tion  will  have  changed  the  competitive 
landscape,  and  the  recently  changed 
leadership  at  the  top  of  the  Firm  will 
have  had  time  to  bring  into  focus  its 
vision  of  the  future.  The  time  will  be 
ripe  to  push  forward,  restoring  previ¬ 
ous  services  and  advocating  business 
transformation  through  reinvestment. 

Most  of  us  would  look  at  this  CIO 
and  shake  our  heads.  Withdrawing  ser¬ 
vices  and  hunkering  down  to  do  very 
little  for  a  few  years  isn’t  a  typical 
resume-building  move.  Yet  this  CIO 
has  committed  to  turning  this  com¬ 
modity  player  into  a  full-fledged  trad¬ 
ing  company  that  treats  each  raw  tree 
as  a  unique  asset  with  a  potentially  dif¬ 
ferent  value  path.  He  can’t  sell  that  idea 
today  —  after  all,  a  company  much  like 
his  own  has  swallowed  up  the  competi¬ 
tor  that  tried  this  model.  Believing  that 
the  long-term  legacy  is  more  important 
than  short-term  success,  he  will  wait  — 
and  match  the  perception  of  the  IT 
organization’s  capabilities  to  the  de¬ 
mands  placed  upon  it.  His  credibility 
thus  remains  high,  even  as  he  limits 
IT’s  ability  to  build  credibility. 

There  are  times  when  the  most  deci¬ 
sive  action  is  to  do  nothing.  ©  55238 


THORNTON  A.  MAY 


In  the  Minds 
Of  Next-Gen 
IT  Leaders 


I  RECENTLY  ATTEMPTED 
to  identify  the  skills  that 
next-generation  IT  leaders 
think  they  are  going  to  need 

in  order  to  be  successful  when  their 


turn  comes  to  run  IT. 

I  compiled  information  from  four 
sources:  the  IT  Leadership  Academy, 
which  has  a  database  of  1,500  CIOs; 
the  Berkeley  CIO  Institute,  whose 
current  class  consists  of  50  of  the  top 
next-generation  IT  leaders  in  the 


country;  the  56  soon-to-be 
MBAs  at  Ohio  State  Univer¬ 
sity’s  Fisher  College  of  Busi¬ 
ness;  and  the  1,200  gradu¬ 
ates  of  UCLA’s  Managing 
the  Information  Resource 
Program.  Thirteen  arrows 
for  the  career  quiver  of  the 
future  emerged.  Tomor¬ 
row’s  IT  leaders  must: 

1.  Know  minds  and  how 
to  change  them. 

2.  Be  able  to  grow  the  next 
generation  of  IT  leaders. 

3.  Innovate  and  create  new 
products  and  services. 

4.  Responsibly  manage  customer 
information. 

5.  Manage  technology  linearities. 

6.  Implement  cost  accounting. 

7.  Be  globally  aware. 

8.  Be  adept  at  storytelling. 

9.  Enable  collaboration  across 
the  enterprise. 

10.  Deliver  tools  that  enable  foresight 
and  insight. 

11.  Understand  what’s  needed  for 
regulatory  compliance. 

12.  Have  a  grasp  of  packaging  and 
sourcing  work. 

13.  Be  fully  cognizant  of  information 
security. 

Regulatory  compliance,  packaging/ 
sourcing  work  and  information  securi¬ 
ty  weren’t  real  surprises.  These  topics 
have  been  covered  in  articles  and  con¬ 


ferences  to  the  point  of 
nauseating  excess.  The  re¬ 
maining  10  skills  reveal  a 
great  deal  about  the  insight 
of  the  people  who  will  be 
at  the  helm  of  technology 
in  the  next  five  to  10  years. 

I  was  initially  surprised 
to  find  “Be  able  to  grow  the 
next  generation  of  IT  lead¬ 
ers”  close  to  the  top  of  the 
list.  But  next-generation 
leaders  are  fed  up  with 
having  to  work  from  igno¬ 
rance  and  make  do  with  the 
skills  at  hand.  Having  come  of  age  in  a 
period  when  money  for  professional 
development  was  very  limited,  this 
generation  has  a  history  of  acquiring 
skills  on  the  cheap.  Its  members  take 
their  lessons  where  they  find  them  and 
excel  at  extracting  leadership  nuggets 
from  their  environment.  Current  lead¬ 
ers  should  be  aware  that  their  actions 
are  being  scrutinized. 

The  next  generation  is  unusually 
sensitized  to  the  importance  of  mental 
models  (how  people  think)  and  the 
process  of  changing  how  people  think. 
One  of  the  questions  most  frequently 
posed  to  high-performance  CIOs  is, 
“How  did  you  convince  Executive  X  to 
support  Action  Y?” 

Next-generation  IT  leaders  are  total¬ 
ly  in  sync  with  senior  management’s 
desire  to  improve  the  top  line  by  creat¬ 


ing  IT-enabled  products  and  services. 

Led  by  academics  like  Rashi  Glazer 
of  the  Haas  School  of  Business  at  the 
University  of  California,  Berkeley, 
next-generation  IT  leaders  recognize 
that  the  customer  —  and,  more  specifi¬ 
cally,  information  about  the  customer 
—  is  a  company’s  most  important  as¬ 
set.  Since  the  inappropriate  manage¬ 
ment  of  customer  information  is  in  the 
news  nearly  every  day,  they  see  a  need 
for  significant  improvements  and  in¬ 
vestments  in  this  area. 

Next-generation  leaders  are  knowl¬ 
edgeable  about  the  criticality  of  cor¬ 
rectly  timing  technology  entrances  and 
exits.  The  cost  microscope  they  grew 
up  under  makes  them  aware  of  the 
need  for  fiscal  transparency,  and  low- 
cost  broadband  has  connected  them 
to  global  markets  and  competitors  for 
their  jobs.  The  next  generation  is  very 
aware  of  global  competition. 

And  the  truly  insightful  in  the  next 
generation  are  putting  down  their 
BlackBerry  devices,  pagers  and  cell 
phones  and  spending  time  fine-tuning 
their  ability  to  tell  compelling  stories. 

Having  spent  time  with  the  next- 
generation  IT  leaders,  I  think  the  future 
is  going  to  be  bright  indeed.  ©  55239 


OMore  columnists  and  links  to  archives  of  previous 
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Electronic  Medical  Records  Need  Capital 


The  ARTICLE  “Gingrich:  Elec¬ 
tronic  Health  Records  Needed 
in  U.S.”  [QuickLink  54639]  regard¬ 
ing  the  push  toward  electronic 
medical  records  addresses  a  theme 
that  can  enhance  the  quality  of 
medical  care.  What  the  article 
didn’t  address  were  the  obstacles 
blocking  universal  implementation. 

Cost  is  one  of  the  foremost  ob¬ 
stacles.  At  a  time  of  rising  malprac¬ 
tice  costs  and  a  stagnant  reim¬ 
bursement  schedule,  it’s  unlikely 
that  most  medical  practices  will  em¬ 
brace  technology  that  requires  a 
substantial  initial  investment  and 
the  ongoing  costs  of  software 
maintenance  and  staff  training.  The 
costs  of  running  a  medical  practice 
make  the  addition  of  electronic 
medical  records  a  luxury,  and  until 
the  nonphysician  community  is  will¬ 
ing  to  contribute  to  the  cost  of  es¬ 
tablishing  computerized  clinical 
systems,  there  is  little  financial  mo¬ 


tivation  to  adopt  a  new  way  of  doing 
things.  Without  the  infusion  of  capi¬ 
tal  into  the  medical  system  directed 
toward  computerization  of  clinical 
work,  it  is  unlikely  that  the  rate  of 
adoption  of  computers  will  change. 
Carey  M.  Delcau,  M.D. 

St.  Louis,  delcau@pol.net 


Encrypt  Ail  Data 

I  APPLAUD  C.J.  KELLY  in  her  ef¬ 
forts  to  creatively  comply  with  a 
pending  law  in  her  state’s  legisla¬ 
ture  to  secure  personal  information 
[“Protecting  Consumer  Data  on  the 
Cheap,”  QuickLink  54187]. 

But  I  would  argue  that  what  she 
is  doing  isn’t  enough.  Besides 
building  an  IDS,  she  also  needs  to 
think  about  encrypting  the  underly¬ 
ing  data.  Network  cryptography 
devices  from  companies  such  as 
Cylink  have  been  used  by  the  feder¬ 
al  government  and  banking  industry 


for  years.  Encryption  capabilities 
are  also  available  in  many  routers  to 
protect  data  leaving  the  premises 
and  also  automatically  decrypt  data 
once  it  hits  the  remote  office  router. 
VPN  concentrators  also  have  a 
place  in  branch  connectivity  solu¬ 
tions.  But  tapes,  CDs,  DVDs,  disk 
drives  and  other  storage  devices 
will  continue  to  leave  the  premises, 
either  through  off-site  data  rotation 
for  disaster  recovery,  decommis¬ 
sioned  equipment  or  outright  theft. 

Unfortunately,  there  are  few  tools 
out  there  to  help  encrypt  data  on 
storage  devices  and  manage  all  of 
the  encryption  keys. 

David  Edborg 

Director  of  high  availability 
solutions,  Corigelan  LLC, 
Chicago 


Tips  Were  on  Target 

I  READ  VIRTUALLY  every  article 
that  appears  on  the  subject  of 
rbsumbs,  and  I  can  assure  you,  as 


a  certified  rbsumb-writing  profes¬ 
sional,  that  the  advice  written  by 
Douglas  B.  Richardson  is  some  of 
the  most  accurate  I  have  seen  in 
some  time  [“When  a  Lengthy  Rb- 
sumb  Makes  Sense  for  Executives,” 
QuickLink  54597],  His  analysis, 
understanding  and  conclusions  on 
this  issue  are  totally  on  the  mark. 
Grant  Cooper,  CRW 
Strategic  Resumes, 

New  Orleans,  yww@gs.net 

COMPUTERWORLD  welcomes 
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Fax:(508)879-4843.  E-mail: 
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Include  an  address  and  phone 
number  for  immediate  verification. 
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Innovations  by  InterSystems 


Multidimensional  Database  Combines 
Robust  Objects  And  Robust  SQL. 


Rapid  Integration  Platform 
Makes  Applications  Perform  In  Concert. 


Imagine  being  able  to  rapidly  develop  applications 
that  run  much  faster,  with  massive  scalability. 

Now  you  can,  with  our  multidimensional  database 
for  transaction  processing  and  real-time  analytics. 

Only  Cache  combines  robust  objects  and  robust 
SQL,  thus  eliminating  object-relational  mapping. 

It  requires  little  administration,  delivers  speed  and 
scalability  on  minimal  hardware,  and  comes  with  a 
rapid  application  development  environment. 

These  innovations  mean  faster  time-to-market, 
lower  cost  of  operations,  and  higher  application 
performance.  We  back  these  claims  with  this 
money-back  guarantee:  Buy  Cache  for  new 
application  development,  and  for  up  to  one  year  you 
can  return  your  license  for  a  full  refund  if  you  are 
unhappy  for  any  reason.  * 

Innovative  database.  Guaranteed  performance. 


Imagine  being  able  to  get  your  applications  to 
perform  together  as  an  ensemble.  Easily. 

Now  you  can,  with  our  universal  integration 
platform. 

Ensemble  is  the  first  fusion  of  an  integration  server, 
data  server,  application  server,  and  portal  development 
software  -  in  a  single,  seamless  product.  This  is  the 
complete  ensemble  of  technologies  needed  for  rapid 
integration,  fast  development,  and  easy  management. 

These  innovations  mean  all  of  your  integration 
projects  will  be  completed  on  time  and  on  budget, 
with  a  simplified  learning  curve  for  your  IT  staff. 

We  back  these  claims  with  this  money- back  guarantee: 
For  up  to  one  year  after  you  purchase  Ensemble,  if  you 
are  unhappy  for  any  reason,  wed l  refund  100%  of  your 
license  fee.  * 

Innovative  integration.  Guaranteed  performance. 


InterSystems  f  InterSystems 

CACHE  ENSEMBLE 


For  a  free  copy  of  CACHE,  or  to  request  a  free  ENSEMBLE  proof-of-concept  project,  visit  www.InterSystems.com/Free5A 


•Read  about  our  money-back  guarantees  at  the  web  page  shown  above. 

©  2005  InterSystems  Corporation.  .Ml  rights  reserved,  InterSystems  Cache  and  InterSystems  Ensemble  arc  trademarks  oflntcrSystcms  Corporation.  6  05  ComboInnoSCoWo 
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FUTURE  WATCH 

Internet  Pioneer  Looks  Ahead 

Leonard  Kleinrock,  the  man  behind 
packet  switching,  predicts  the  advent  of 
“really  smart”  handhelds  with  features 
such  as  haptic  interfaces.  But  he  warns 
of  out-of-control  complexity.  Page  24 


Neither  Rain  Nor  Sleet 
Nor . . .  Hurricanes 

A  Florida  berry  supplier  turns  to 
MessageOne’s  Emergency  Mail 
System  to  ensure  e-mail  continuity 
during  all  sorts  of  disasters,  including 
Hurricane  Charley.  Page  22 


SECURITY  MANAGER’S  JOURNAL 

Eyeing  an  Opening 
For  Open-Source 

C.J.  Kelly  is  pleasantly  surprised 
when  her  boss  takes  an  interest 
in  exploring  some  open-source 
security  options.  Page  25 


ENTERPRISE  RIGHTS  MANAGEMENT 
SOFTWARE  ENSURES  THAT  SENSITIVE 
DOCUMENTS  AND  E-MAIL  CAN  BE 
CIRCULATED  AND  DON’T  END  UP  IN  THE 
WRONG  HANDS.  BY  ROBERT  L.  MITCHELL 


WHEN  CORNING  INC.  began  selling  products  for 

military  and  aerospace  use,  the  optical-fiber 
and  cabling  product  manufacturer  needed  a 
way  to  show  that  it  was  following  export 
controls  and  handling  sensitive  documents 
properly.  “The  government  regulations  are 
very  explicit,”  says  James  Scott,  director  of 
knowledge  and  information  management. 
To  meet  those  requirements,  the  Corning,  N.Y.-based  company  deployed 
enterprise  rights  management  (ERM)  software  from  Liquid  Machines  Inc. 

Coming’s  research  and  development  staff  uses  the  software  to  encrypt 
critical  documents  and  apply  rules  that  determine  not  just  who  has  access 
to  the  files  but  also  whether  they  can  print,  copy  or  forward  them  to  oth¬ 
ers.  The  system  also  establishes  a  chain  of  custody,  providing  an  audit  trail 
of  who  accessed  a  document  when  and  what  they  did  with  it.  “We  can  put 
our  hands  on  our  hearts  and  say  we  know  we  are  compliant,”  Scott  says. 

Government  contractors  such  as  Corning  aren’t  the  only  organizations 
thinking  about  document  security  these  days.  Recent  high-profile  data  thefts 
and  government  regulations  covering  everything  from  financial  disclosure 
to  customer  privacy  have  businesses  worrying  about  where  sensitive  e-mail 
is  going.  IT  organizations  are  struggling  to  control  both  dissemination  of 
and  access  to  corporate  data  contained  in  e-mail  messages,  Word  docu- 
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Here  are  five  things  to  think  about 
before  deploying  an  ERM  system. 


1  Start  with  high-value  content.  Broad 
deployment  of  the  technology  won’t  work  because 
most  systems  rely  on  users  to  apply  policy  tem¬ 
plates.  Although  tools  can  be  intuitive,  users  may  find 
them  inconvenient. 

2  Know  what  types  of  documents 
you  need  to  protect.  All  vendors  sup¬ 
port  Microsoft  Office  and  Outlook  and  PDF  files, 
but  support  for  other  client  applications  differs.  Some 
vendors  offer  a  universal  agent,  while  others  require  ap¬ 
plication-specific  agents  to  be  purchased  for  each  docu¬ 
ment  type  to  be  protected. 


3 


Classifications  are  key.  Defining 
document  classifications  and  developing  poli¬ 
cies  that  meet  business  needs  are  key  steps  to 


success  -  and  the  most  time-consuming  part  of  setting 
up  a  successful  ERM  system. 

4  Think  outside  the  ERM  box.  ERM 

systems  and  the  policy  classifications  created 
should  dovetail  with  records  management,  elec¬ 
tronic  content  management,  e-mail  and  other  systems 
such  as  engineering  software.  Look  for  partnerships  with 
the  vendors  of  your  software. 

5  Understand  the  implications 

of  widespread  encryption.  Protect¬ 
ed  files  are  encrypted.  That  means  knowledge 
management,  e-mail  archiving,  virus  scanning,  business 
continuity  and  other  systems  may  be  affected  unless 
those  programs  are  integrated  with  the  ERM  system. 

-  Robert  L.  Mitchell 


ments  or  other  electronic  document  formats.  Leaked 
customer  data  or  an  untimely  release  of  financial  in¬ 
formation  can  lead  to  public  embarrassments  as  well 
as  legal  fines. 

But  Corning,  like  many  other  organizations  with 
large  R&D  investments,  has  another  concern:  pro¬ 
tecting  documents  pertaining  to  intellectual  property 
that  it’s  developing.  “Many  companies  are  very  lax  in 
their  understanding  and  use  of  [ERM]  as  a  way  to 
protect  their  intellectual  property,”  Scott  says. 

ERM  Inside 

Like  digital  rights  management  software,  ERM  prod¬ 
ucts  lock  documents  by  encrypting  them.  But  while 
DRM  focuses  on  the  consumer,  ERM  systems  are  de¬ 
signed  to  support  document  security  policies  bpth 
within  and  between  businesses  and  to  provide  an  au¬ 
dit  trail  (see  diagram  on  page  20). 

In  an  ERM  system,  a  policy  server  stores  encryp¬ 
tion  keys,  authorizes  user  access  to  documents  and 
maintains  policy  templates  that  store  rules  that  dic¬ 
tate  what  users  in  different  roles  can  do  with  differ¬ 
ent  classes  of  documents.  Users  then  apply  those 
policies  to  documents  as  they  create  them.  Most 
products  require  users  to  run  agent  software  or  plug¬ 
ins  designed  to  work  with  specific  applications,  such 


IS  YOUR  DATA  IN  THE  RIGHT  PLACE? 

Introducing  Hitachi  HiCommarid®  Tiered  Storage  Manager  software,  these  days  it’s  not  enough  to  just  keep  data  anyplace.  It  needs  to  be  in  the  right  place 
at  the  right  time— based  on  how  your  applications  use  it. Our  new  HiCommand®  Tiered  Storage  Manager  helps  you  optimize  data  placement, align  application 
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as  Microsoft  Word  or  Internet  Explorer.  Others,  such 
as  Microsoft  Corp.’s  Rights  Management  Services 
(RMS),  require  that  applications  be  modified  to  na¬ 
tively  support  the  ERM  system’s  application  pro¬ 
gramming  interfaces  (API).  Most  also  require  an 
identity  management  infrastructure. 

“If  you  don’t  have  an  enterprise  directory,  it  will  be 
more  challenging,”  says  Trent  Henry,  an  analyst  at 
Burton  Group  in  Midvale,  Utah. 

The  ERM  market,  initially  dominated  by  many 
small  vendors,  was  given  a  big  boost  in  the  past  cou¬ 
ple  of  years  with  the  entry  of  Microsoft  and  Adobe 
Systems  Inc.  Both  RMS  and  Adobe’s  LiveCycle  Poli¬ 
cy  Server  require  applications  to  be  rewritten  to  sup¬ 
port  their  APIs.  As  a  result,  application  support  is 
very  limited.  Adobe’s  product  supports  PDFs  only, 
although  the  company  says  third  parties  provide 
agents  for  some  other  applications.  Microsoft’s  sys¬ 
tem  supports  only  Office  2003  documents.  It  relies 
on  third  parties  to  offer  centralized  policy  manage¬ 
ment  features  and  provide  agents  to  support  non- 
compliant  applications. 

Other  vendors  focus  on  providing  an  agent  software 
overlay  rather  than  relying  on  third  parties  to  rewrite 
their  applications.  Companies  such  as  Authentica 
Inc.  in  Lexington,  Mass.,  have  more-established 


DRM’s  Language-Rights  Wars 


INTEROPERABILITY  OF  ERM  SYSTEMS 

depends  on  standards.  But  much  of  the  technology  be¬ 
hind  ERM  is  based  on  what’s  going  on  in  the  consumer 
space  with  digital  rights  management,  and  those  stan¬ 
dards  are  currently  the  focus  of  intense  debate. 

One  area  of  contention  surrounds  which  markup  lan¬ 
guage  to  use  to  enable  interoperability  between  DRM 
systems.  The  debate  pits  the  Extensible  Rights  Markup 
Language  against  the  Open  Digital  Rights  Language.  A 
variant  of  the  former  has  become  part  of  a  relatively  new 
International  Standards  Organization  standard  called 
MPEG  Rights  Expression  Language  (REL).  But  the  stan¬ 
dard  is  derived  from  intellectual  property  owned  by 
Bethesda,  Md.-based  ContentGuard  Inc.,  which  is 
owned  in  part  by  Microsoft.  Although  the  intellectual 
property  in  the  standard  must  meet  the  ISO's  require¬ 
ment  that  it  be  made  available  under  reasonable  and 
nondiscriminatory  licensing  terms,  it's  not  royalty-free. 


“We  believe  that  solutions  that  use  this  ISO  REL  are 
likely  to  infringe  on  our  patents,”  says  ContentGuard  in¬ 
terim  co-CEO  Bruce  Gitlin.  Furthermore,  its  patents  on 
DRM  are  sufficiently  broad  that  “it’s  likely  that  any  DRM 
solution  would  infringe  on  one  of  our  patents.” 

“There’s  a  huge,  raucous  debate  about  ContentGuard’s 
role,”  says  Trent  Henry,  an  analyst  at  Burton  Group. 

Meanwhile,  Microsoft’s  ERM  competitors,  including 
Adobe  and  SealedMedia  Inc.,  are  keeping  their  distance. 

“I  do  not  agree  with  this  at  all,”  says  Martin  Lambert,  chief 
technology  officer  at  SealedMedia.  Patents  in  the  U.S.,  he 
laments,  are  “not  well  examined  by  the  patent  office,  but 
are  only  really  examined  by  the  courts  during  litigation.” 

Standards  may  have  to  wait  while  vendors  slug  it  out  in 
the  courts.  Already,  ContentGuard  is  "in  discussions  with 
everyone  we  know  that  has  a  DRM  product”  to  pursue  its 
claims,  Gitlin  says.  ERM  vendors  may  be  next. 

-  Robert  L.  Mitchell 
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products  but  offer  relatively  limited  application  sup¬ 
port.  Most  support  Office,  Acrobat,  HTML  and  Out¬ 
look  documents,  as  well  as  common  image  formats, 
such  as  TIFF.  But  few  support  files  created  for  other 
applications,  such  as  computer-aided  design  systems. 

Legal  Challenge 

Application  support  issues  held  back  Fred  Pretorius’ 
Microsoft  RMS  installation  at  Mintz,  Levin,  Cohn, 
Ferris,  Glovsky  and  Pope  PC.  The  Boston-based  law 
firm  wanted  to  use  ERM  to  protect  documents  both 
internally  and  when  routed  among  its  six  regional 
offices.  “You  don’t  want  someone  to  just  forward 
things  out,”  says  Pretorius,  acting  director  of  infor¬ 
mation  services. 

Although  the  practice  uses  an  all-Microsoft  IT  infra¬ 
structure,  desktops  had  to  be  upgraded  to  Office  2003 
before  RMS  could  be  deployed.  And  that  couldn’t  hap¬ 
pen  until  compatibility  problems  with  the  law  firm’s 
enterprise  content  management  system  were  resolved. 
In  the  interim,  Pretorius  could  have  used  third-party 
agent  software  on  desktops  to  allow  office  applications 
to  work  with  RMS.  He  passed  on  the  work-around. 

“It’s  the  interaction  of  these  add-ins  that  some¬ 
times  causes  problems,”  he  says.  “You’re  better  off 
waiting  for  Microsoft  than  dealing  with  the  integra¬ 
tion  nightmares.” 

The  system  is  now  in  pilot,  with  a  full  rollout  ex¬ 
pected  this  month.  It  wasn’t  difficult  to  set  up,  and 
users  find  the  interface  easy  to  use,  Pretorius  says.  But 
he  wasn’t  able  to  avoid  other  integration  issues  relat¬ 
ed  to  antivirus,  e-mail  archiving  and  enterprise  con¬ 
tent  management  systems.  Once  content  is  encrypt¬ 
ed,  it  can’t  be  scanned.  Without  adequate  safeguards 
on  the  desktop,  some  users  could  encrypt  infected 
files  and  spread  a  virus  by  routing  them  to  others. 

Pretorius’  e-mail  archiving  software,  Veritas  Soft¬ 
ware  Corp.’s  KVS  Enterprise  Vault,  doesn’t  have 
rights  to  view  encrypted  files  and  therefore  can’t  in¬ 
dex  them  for  searches.  But  he  says  users  are  willing 
to  live  with  that  for  now.  “It’s  an  ease-of-use  concern 
against  security,”  Pretorius  says.  Microsoft  product 
manager  Piyush  Lumba  says  Veritas  is  looking  into 
building  RMS  support  into  its  KVS  product.  Other 
vendors  have  formed  partnerships  with  key  vendors 
such  as  Veritas  and  EMC  Corp.’s  Documentum  unit. 

IT  should  consider  the  implications  of  the  wide¬ 
spread  application  of  encryption  to  documents 
throughout  the  organization,  says  Burton  Group’s 
Henry.  It  could  affect  business  continuity  plans  by 
slowing  down  the  data-recovery  process.  Other  chal¬ 
lenges  include  the  long-term  archiving  of  content  en¬ 
crypted  with  proprietary  techniques  and  the  ongoing 
management  of  the  keys  to  access  it. 

Currently,  RMS  lacks  the  centralized  controls  Pre¬ 
torius  would  prefer.  “Users  have  to  remember  to  pro¬ 
tect  their  content,”  he  says.  Pretorius  says  he’d  like  to 
layer  on  more-sophisticated  policy  services  from 
Meridio  Inc.  or  Liquid  Machines  that  he  hopes  could 
be  configured  to  automatically  apply  a  rights  man¬ 
agement  policy  based  on  the  user’s  role  or  the  type 
of  content  being  created. 

Coming’s  Scott  would  rather  not  automate  that 
process.  “We  want  our  users  to  think  about  docu¬ 
ment  classification  overtly,”  he  says.  The  more  im¬ 
mediate  problem,  he  says,  is  creating  document  secu¬ 
rity  “roles  and  rules,”  classifications  and  policies  that 


Microsoft’s  RMS  is  a  good  example 
of  how  an  ERM  system  works. 


H  The  document  creator  receives  policies  from  the 
server,  which  caches  them  for  off-line  use. 

0  The  author  applies  the  policies  to  a  document. 
The  file  is  encrypted  automatically,  and  rights  are 
persistently  attached. 

□  The  author  distributes  the  file. 

FI  The  recipient  opens  the  file.  The  software  agent 
or  Dynamic  Link  Library  within  the  application  calls 
the  policy  server,  which  validates  the  user  and  allows 
the  application  to  open  the  file.  The  application  ren¬ 
ders  the  file  and  enforces  assigned  rights,  such  as 
the  ability  to  view,  print,  copy/paste  or  forward. 

A  log  of  events  is  sent  back  to  the  server  to 
create  audit  trails. 
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fit  business  needs.  These  must  also  be  consistent 
with  document  classifications  used  in  other  areas, 
such  as  the  corporate  records  information  manage¬ 
ment  and  content  management  systems. 

“You  have  to  think  ahead  of  time  about  what  are 
the  roles,  the  groups,  and  go  through  the  homework 
of  creating  policies,”  says  Henry. 

That  process  can  take  more  than  a  year,  adds  Scott, 
but  he  says  it’s  essential  to  avoid  “classification  by 
exception.”  For  Corning,  that  process  was  especially 
difficult  because  Scott  identified  few  other  compa¬ 
nies  that  could  serve  as  a  model.  While  many  have 
three  or  four  classifications  for  paper  documents, 
few  have  addressed  electronic  documents.  “We  have 
not  found  many  leading  examples,”  he  says. 

Going  Outside 

Extending  the  protection  of  documents  outside  of 

the  corporate  firewall  presents  a  different _ 

set  of  challenges.  A  user  who  receives  a 
document  must  receive  authorization 
from  the  issuing  policy  server  before  it 
can  be  opened,  so  those  services  must  be 
made  accessible  from  the  Internet.  Recipi¬ 
ents  of  protected  documents  must  be  au- 
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thenticated  when  they  First  open  them  and  may  be 
required  to  do  so  each  time  they  view  the  files,  or 
users  may  be  issued  a  “lease”  that  allows  access  for  a 
specified  period. 

When  National  Occupational  Competency  Testing 
Institute  Inc.  (NOCTI)  needed  to  protect  Web  pages 
used  for  securing  its  online  testing  services,  RMS 
alone  wasn’t  sufficient.  “It  could  not  enforce  the 
rights  through  a  browser  for  a  machine  that  was  not 
a  member  of  my  domain,”  says  Shawn  Davis,  IT  man¬ 
ager.  He  uses  GigaMedia  Access  Corp.’s  GigaTrust 
product,  which  is  built  on  top  of  RMS. 

With  GigaTrust,  clients  use  a  plug-in  for  Internet 
Explorer.  GigaTrust  hosts  Microsoft  RMS,  which  is¬ 
sues  the  encryption  keys  to  unlock  requested  HTML 
test  pages  once  registered  users  log  into  the  testing 
Web  site.  Test  takers  can  view  and  interact  with  Web 
pages,  but  they  can’t  print  or  cut  and  paste  content. 

Because  the  client  PC  had  to  request  a  new  license 
to  retrieve  each  Web  page  and  then  decrypt  it,  load 
times  were  as  long  as  eight  seconds.  “That  was  a 
killer  for  us,”  Davis  says.  After  GigaMedia  modified 
its  software  to  allow  local  caching  of  the  client-access 
certificate,  load  times  dropped  to  about  two  seconds. 
Half  of  that  time  is  taken  up  in  decrypting  the  file, 
Davis  says.  The  performance  is  now  acceptable. 

Dealing  with  document  certificate  expirations  is 
another  issue.  If  the  defaults  aren’t  set  correctly  for  a 
given  use  case,  IT  managers  could  end  up  taking  an 
angry  call  from  the  CEO,  who  could  be  locked  out  of 
files  on  his  laptop  when  traveling.  While  NOCTI  re¬ 
quires  tight  controls  on  lease  times,  Microsoft’s  Lum¬ 
ba  says  his  company  is  more  liberal,  enabling  rights 
to  encrypted  e-mail  content  for  a  year. 

With  15%  of  NOCTI’s  customers  using  online  test¬ 
ing,  and  demand  growing  at  30%  to  40%  a  year,  docu¬ 
ment  security  has  been  a  critical  part  of  obtaining 
new  business.  “It’s  been  a  big  deal  for  us.  The  fact 
that  we’re  using  this  technology  has  been  a  primary 
selling  point  for  our  customers,”  Davis  says. 

ERM  technology  is  still  maturing,  says  Henry.  He 
describes  current  users  as  early  adopters  and  says 
nascent  industry  standards  aren’t  yet  fully  devel¬ 
oped.  For  example,  there  are  no  established  stan¬ 
dards  for  agent  software,  encryption,  key  manage¬ 
ment  or  a  common  rights  markup  language.  That 
could  be  a  problem  for  large  enterprises  if  business 
units  end  up  using  different  products,  he  says,  and  it 
makes  scalability  outside  of  the  enterprise  more  dif¬ 
ficult.  ERM  systems  are  also  expensive  and  may  av¬ 
erage  $100  to  $200  per  seat  and  $1  million  or  more  for 
enterprisewide  deployments. 

Nonetheless,  ERM  works  well  for  “tactical”  applica¬ 
tions  where  security  needs  are  high,  Henry  says.  Pro¬ 
tection  of  intellectual  property,  business-to-business 
e-mail  containing  sensitive  content  such  as  price 
lists,  or  strategic  information  shared  among  execu¬ 
tives  are  all  good  places  to  start.  And  he  warns  that 
some  users,  particularly  executives,  may  balk  at  the 
technology  if  it’s  too  complicated. 

_  But  that’s  not  a  problem  with  executives 

at  Pretorius’  firm.  “The  enthusiasm  for 
this  is  very  high,”  he  says.  RMS  has  been 
reliable,  Pretorius  says,  and  with  Service 
Pack  1  already  out,  he  thinks  there’s  no 
reason  not  to  go  forward.  “I  don’t  think 
anyone  needs  to  wait,”  he  says.  ©  55119 
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IT  WAS  AUGUST  OF  LAST  YEAR,  and 
the  Naples,  Fla.,  headquarters  of 
Global  Berry  Farms,  a  grower  and 
shipper  of  bush  berries,  was  di¬ 
rectly  in  the  path  of  a  hurricane 
named  Charley. 

That  concerned  MIS  manager  Brian 
Clancy  because  he  hadn’t  yet  figured 
out  a  cost-effective  way  to  keep  the 
company’s  e-mail  up  and  running  with¬ 
out  interruption. 

E-mail  had  become  one  of  Global 
Berry’s  most  important  communication 
tools,  and  the  company’s  five  regional 
sales  offices  spread  across  the  U.S.  all 
relied  on  the  Florida  headquarters  for 
their  e-mail  service,  says  Clancy.  Glob¬ 
al  Berry  uses  Microsoft  Corp.’s  Ex¬ 
change  Server  2003  for  e-mail,  he  says. 

The  IT  staff  had  spent  about  a  year 
reviewing  the  available  options,  and 
during  that  time,  it  decided  that  a  clus¬ 
tered  server  environment  was  the  only 
one  that  could  provide  a  redundant, 
highly  available  e-mail  system,  he  says. 

“We  market  fresh  berries  —  straw¬ 
berries,  blueberries  and  raspberries  — 
highly  perishable  products,  and  our  in¬ 
ventory  turns  over  within  24  hours.  We 
pull  it  in  and  ship  it  out  as  soon  as  pos¬ 
sible,”  says  John  O’Connor,  director  of 
information  systems  at  Global  Berry.  “In 
our  disaster  recovery  plan,  we  were  fo¬ 
cusing  on  e-mail  and  what  could  we  do 
to  keep  it  up,  keep  it  running.” 

However,  the  hardware  complexities, 
lack  of  protection  against  database  cor¬ 
ruption  and  the  problems  —  not  to  men¬ 
tion  the  cost  —  of  implementing  a  clus¬ 
ter  across  geographic  locations  soon 
had  the  company  pursuing  other  op¬ 
tions,  says  Clancy. 

After  viewing  an  online  demonstra¬ 
tion  of  a  Linux-based  e-mail  continuity 
product  called  Emergency  Mail  System 
from  MessageOne  Inc.  in  Austin,  Glob¬ 
al  Berry’s  IT  staff  decided  to  deploy 
it  in  the  company’s  Grand  Junction, 
Mich.,  and  Naples  locations,  he  says. 

Reliability  at  a  Low  Cost 

The  value  of  a  system  like  Message- 
One’s  EMS  is  that  it  provides  a  hot 
standby  mail  system  in  case  the  prima¬ 
ry  system  goes  down  —  and  it  costs 
much  iess  than  it  would  to  create  a  ful¬ 
ly  redundant  mail  system  in  a  second 
location,  says  Michael  Osterman,  an 
analyst  at  Osterman  Research  Inc.  in 
Black  Diamond,  Wash. 

An  added  benefit  is  that  the  system 
can  be  activated  over  the  Web  or  by 
telephone  within  a  very  short  time, 
and  users  can  access  the  EMS  service 
from  any  Web  browser,  he  says. 

Another  key  advantage  of  EMS  is 
that  it  continually  synchronizes  with 


users’  message  stores  so  that  they  have 
access  to  their  calendars,  contact  lists 
and  older  e-mails  for  the  duration  of 
the  emergency,  Osterman  says. 

MessageOne  is  focused  specifically 
on  business  continuity  for  e-mail,  com¬ 
munications  and  applications.  Other 
vendors,  including  FrontBridge  Tech¬ 
nologies  Inc.,  MessageLabs  Ltd.  and 
Critical  Path  Inc.,  may  focus  more  on 
security,  compliance,  hosted  e-mail 
boxes,  patch  management  and  disaster 


recovery,  says  Mark  Levitt,  an  analyst 
at  IDC  in  Framingham,  Mass. 

“MessageOne  has  a  compelling  mes¬ 
sage  about  getting  users  back  up  and 
running  quickly  —  60  seconds  —  in 
an  emergency,”  Levitt  says. 

Implementation  of  EMS  was  pretty 
painless,  Clancy  says.  The  first  thing 
Global  Berry’s  IT  staff  had  to  do  was 
work  with  the  company’s  Internet  ser¬ 
vice  provider  to  create  an  additional 
mail  exchange  record  for  the  compa¬ 


ny’s  domain  names,  GlobalBerryFarms 
and  GBFarms,  that  would  point  to  the 
EMS  system  as  the  backup  mail  server. 
EMS  is  hosted  at  a  disaster  recovery 
facility  in  Texas,  Clancy  says. 

“After  that,  I  installed  the  software.  It 
was  a  simple  wizard  that  you  go  through 
—  click  next,  next,  next  for  everything,” 
he  says.  “That  installed  the  synchroniza¬ 
tion  software  that  linked  up  our  system 
with  the  EMS  system  to  synchronize  our 
contact  records  and  calendar  items.” 

Working  with  MessageOne,  the  IT 
staff  took  only  a  few  hours  to  install 
the  software  on  the  two  servers,  con¬ 
figure  it  and  put  the  system  through 
some  live  tests,  Clancy  says.  The  sys¬ 
tem  costs  Global  Berry  $5,500  per  year, 
which  includes  three  activations,  he 
says.  Additional  activations  are  priced 
at  $1  per  mailbox  per  month. 

When  Clancy  installed  the  EMS  soft¬ 
ware  late  last  year,  it  didn’t  yet  have  the 
capability  to  replicate  archived  e-mail 
or  previously  sent  and  received  items. 
Clancy  says  he’s  planning  to  look  into 
that  feature  and  will  probably  add  it  to 
Global  Berry’s  package  of  services  soon. 

Showtime 

When  the  power  went  out  during  Hur¬ 
ricane  Charley,  Global  Berry  activated 
MessageOne,  says  O’Connor. 

“Then  when  the  e-mail  tried  to  get 
routed  to  Exchange  Server  and  couldn’t, 
the  MessageOne  systems  realized  Ex¬ 
change  Server  was  down  and  automati¬ 
cally  switched  over,”  he  says. 

Once  the  system  fails  over  to 
MessageOne,  it  makes  a  copy  of  the  in¬ 
bound  e-mails  and  stores  them,  explains 
O’Connor.  When  the  power  comes  back 
on  after  a  brief  interruption  and  Ex¬ 
change  Server  comes  back  up,  Message- 
One  forwards  those  e-mails  back  to  Ex¬ 
change  Server.  Users  don’t  even  realize 
there’s  been  a  problem  unless  they’ve 
been  notified  that  Outlook  was  discon¬ 
nected,  O’Connor  says. 

But  if  the  power  goes  out  and  Ex¬ 
change  Server  doesn’t  comes  back  up 
for  an  extended  period,  MessageOne  is 
activated  and  broadcasts  alerts  to  users. 
They  can  then  log  onto  a  secure  Web 
site  set  up  by  MessageOne  where  they 
can  send  and  receive  e-mails,  he  says. 

“When  the  Exchange  Server  went 
down  [during  Hurricane  Charley],  we 
knew  it  was  going  to  be  an  issue  be¬ 
cause  the  power  could  have  been  out 
for  days,  so  we  went  ahead  and  activat¬ 
ed  MessageOne,”  O’Connor  says.  “And 
we  were  able  to  continue  to  operate 
flawlessly.  Our  communications  were 
up  and  running,  and  we  kept  doing 
business,  and  our  customers  didn’t  re¬ 
alize  that  we  had  a  problem.”  O  54904 


SYNCHRONIZATION 

The  corporate  e-mail  server  is  synchronized  with  the  data 
center  using  EMS’s  SyncManager. 

'mm 

EMS  is  activated  via  phone  or  Web  console  in  a  matter  of 
minutes. 

'notFfFcatIon" 

Employees  are  notified  via  pager  or  a  secondary  e-mail 
address  that  EMS  has  been  activated. 

'access 

Employees  have  round-the-clock  access  to  their  e-mail  from 
any  Web-enabled  terminal  or  computer. 

’recovery 

Activity  that  occurred  while  EMS  was  activated  is  recovered 
with  RecoveryManager  back  to  the  primary  corporate  e-mail 
system. 


NEITHER  RAIN 
NOR  SLEET  NOR 
...HURRICANES 

A  Florida  berry  shipper  finds  a  way  to  keep 
e-mail  running  under  disaster  conditions. 

By  Linda  Rosencrance 
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~  LEONARD  KLEINROCK  is 

emeritus  professor  of 
computer  science  at 
&  the  University  of  Cali- 
—  fornia,  Los  Angeles. 

He  created  the  basic  principles  of 
packet  switching,  the  foundation  of  the 
Internet,  while  a  graduate  student  at 
MIT,  where  he  earned  a  Ph.D.  in  1963. 
The  Los  Angeles  Times  in  1999  called 
him  one  of  the  “50  people  who  most 
influenced  business  this  century.” 

Computerworld’ s  Gary  H.  Anthes  in¬ 
terviewed  Kleinrock  in  1994  as  part  of 
the  Internet’s  25th  anniversary  celebra¬ 
tion.  Recently,  Anthes  asked  Kleinrock 
for  an  update. 

You  told  Computerworld  11  years  ago  that 
the  Internet  needed,  among  other  things,  “a 
proper  security  framework.”  What  about 
today?  In  the  past  11  years,  things  have 
gotten  far  worse,  so  much  so  that  there 
are  parts  of  the  population  that  are  be¬ 
ginning  to  question  whether  the  pain 
they  are  encountering  with  spam, 
viruses  and  so  on  is  worth  the  benefit. 

I  don’t  think  there’s  a  silver  bullet.  We 
need  systemwide  solutions.  Strong  au¬ 
thentication  will  help.  IPv6  will  help. 
Identifying  the  source  of  information 
—  a  networking  issue  —  to  make  sure 
it’s  not  being  spoofed  will  help. 

You  called  for  better  multimedia  capabil¬ 
ities  in  1994  as  well.  One  of  the  major 
changes  related  to  multimedia  in  these 

II  years  has  been  the  explosion  of  what 
we  call  the  “mobile  Internet.”  There’s 
this  ability  now  to  travel  from  one  lo¬ 
cation  to  another  and  gain  access  to  a 
rich  set  of  services  as  easily  as  you  can 
from  your  office.  The  digitization  of 
nearly  all  content  and  the  convergence 
of  function  and  content  on  really  smart 
handheld  devices  are  beginning  to  en¬ 
able  anytime,  anywhere,  by  anyone  In¬ 
ternet  —  the  mobile  Internet.  But  there 
is  a  lot  more  to  be  done. 

Such  as?  We  have  to  make  it  easier  for 
people  to  move  from  place  to  place 
and  get  access.  What’s  missing  is  the 
billing  and  authentication  interface 
that  allows  one  to  identify  oneself  easi¬ 
ly  in  a  global,  mobile,  roaming  fashion. 
We  [will  j  see  this  change  to  an  alter¬ 
nate  pricing  model  where  people  can 
subscribe  to  a  Wi-Fi  roaming  service 
offered  by  their  company  or  from  their 
home  ISP.  As  these  roaming  agree¬ 
ments  are  forged  between  the  sub¬ 
scription  provider  and  the  owners/ 
operators  of  today’s  disparate  public- 
access  networks,  the  effective  number 
of  locations  where  a  subscriber  will  be 
able  to  connect  at  no  or  low  fee  will 


grow.  A  key  component  in  this  envi¬ 
ronment  is  internetwork  interoperabil¬ 
ity,  not  only  for  data  traffic  but  for  au¬ 
thentication  and  billing.  The  benefits 
will  be  ease  of  use  and  predictable  cost. 

You  mentioned  smart  handheld  devices. 
Where  are  they  going?  We  are  seeing 
your  phone,  PDA,  GPS,  camera,  e-mail, 
pager,  walkie-talkie,  TV,  radio,  all  con¬ 
verging  on  this  handheld  device,  which 
you  carry  around  in  addition  to  your 
laptop.  It  will  [alter  the  properties  of] 
a  lot  of  content  —  video,  images,  music 


—  to  match  what’s  come  down  to  the 
particular  device  you  have.  For  exam¬ 
ple,  you  may  be  using  your  handheld 
cell  phone  to  serve  as  a  passthrough 
device  to  receive  an  image  or  video 
that  you  wish  to  display  on  some  other 
output  device  —  say,  your  PC  or  your 
TV.  The  handheld  may  need  to  “dumb 
down”  the  image  for  itself  but  pass  the 
high-quality  stream  to  the  TV,  which 
will  render  the  stream  to  match  its  — 
the  TV’s  —  display  capability. 

Is  that  capability  of  interest  to  corporate  IT? 


You  have  warned  that  we  are  “hitting  a  wall 
of  complexity.”  What  do  you  mean?  We 

once  arrogantly  thought  that  any  man¬ 
made  system  could  be  completely  un¬ 
derstood,  because  we  created  it.  But 
we  have  reached  the  point  where  we 
can’t  predict  how  the  systems  we  de¬ 
sign  will  perform,  and  it’s  inhibiting 
our  ability  to  do  some  really  interest¬ 
ing  system  designs.  We  are  allowing 
distributed  control  and  intelligent 
agents  to  govern  the  way  these  systems 
behave.  But  that  has  its  own  dangers; 
there  are  cascading  failures  and  depen¬ 
dencies  we  don’t  understand  in  these 
automatic  protective  mechanisms. 

Will  we  see  catastrophic  failures  of  complex 
systems,  like  the  Internet  or  power  grid? 

Yes.  The  better  you  design  a  system, 
the  more  likely  it  is  to  fail  catastrophi¬ 
cally.  It’s  designed  to  perform  very  well 
up  to  some  limit,  and  if  you  can’t  tell 
how  close  it  is  to  this  limit,  the  col¬ 
lapse  will  occur  suddenly  and  surpris¬ 
ingly.  On  the  other  hand,  if  a  system 
slowly  erodes,  you  can  tell  when  it’s 
weakening;  typically,  a  well-designed 
system  doesn’t  expose  that. 

So,  how  can  complex  systems  be  made  more 
safe  and  reliable?  Put  the  protective  con¬ 
trol  functions  in  one  portion  of  the  de¬ 
sign,  one  portion  of  the  code,  so  you 
can  see  it.  People,  in  an  ad  hoc  fashion, 
add  a  little  control  here,  a  little  protocol 
there,  and  they  can’t  see  the  big  picture 
of  how  these  things  interact.  When  you 
are  willy-nilly  patching  new  controls  on 
top  of  old  ones,  that’s  one  way  you  get 
unpredictable  behavior.  ©  54835 
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Leonard  Kleinrock  predicts  ‘really 
smart’  handhelds  and  haptic  interfaces 
but  warns  of  out-of-control  complexity. 
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with  Interface  Message  Processor  1,  the  Arpanet  s  first  switching  node.  The 
minicomputer,  configured  by  Bolt,  Beranek  and  Newman,  arrived  at  UCLA  on  Labor  Day  weekend 
in  1969.  Two  days  later,  a  team  led  by  Kleinrock  had  messages  moving  between  IMP!  and  another 
computer  at  UCLA.  Thus  the  Arpanet,  the  forerunner  of  today’s  Internet,  was  born. 


Absolutely.  We  see  e-mail  already  on 
the  handheld,  as  well  as  the  ability  to 
download  business  documents  such 
as  spreadsheets  and  PowerPoint  pre¬ 
sentations.  We’ll  see  the  ability  to 
handle  the  occasional  videoconference 
on  a  handheld,  as  well  as  other  media- 
rich  communications.  We  are  right 
on  the  threshold  of  seeing  these 
multifunction  devices.  Of  course, 
the  human-computer  interface  is 
always  a  problem. 

How  might  that  improve?  Voice  recogni¬ 
tion  is  going  to  be  really  important. 
And  there  will  be  flexible  devices 
where  you  actually  pull  out  keyboards 
and  screens  and  expand  what  you  are 
carrying  with  you.  Haptic  technologies 

—  based  on  touch  and  force  feedback 

—  are  not  yet  here,  but  there’s  a  lot  of 
research  going  on.  For  example,  with  a 
handheld,  you  could  display  a  virtual 
keyboard  on  a  piece  of  paper  and  just 
touch  that. 
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Eyeing  an  Opening 
For  Open-Source 


Our  security  manager  is  surprised  when  her 
boss  takes  an  interest  in  exploring  some 
open-source  security  options.  By  C.  J.  Kelly 


I  DON'T  CARE  MUCH  for 
Monday  morning  meetings. 
Starting  a  week  with  a 
meeting  always  seems  like 
too  sharp  a  transition  from  the 
weekend.  Eyelids  tend  to 
droop,  including  mine.  But  on 
one  recent  Monday,  I  snapped 
to  attention  when  my  boss,  the 
IT  chief  for  our  agency,  said 
that  he  had  informed 
the  agency’s  adminis¬ 
trator  that  we  would 
be  going  the  open- 
source  route  on  a 
number  of  fronts  to 
increase  efficiency, 
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productivity  and  cost  savings. 

When  I  had  suggested  that 
idea  to  him  six  months  earlier, 
he  had  been  worried  about  in¬ 
tegrating  open-source  applica¬ 
tions  into  a  purely  Microsoft 
infrastructure.  I  had  suggested 
using  open-source  software 
for  applications  that  don’t  re¬ 
quire  integration  but  rather 
only  compatibility  with  stan¬ 
dards  such  as  SNMP,  TCP/IP, 
LDAP,  Java,  HTTP  and  HTML, 
but  I  was  pretty  sure  my  pro¬ 
posal  had  fallen  on  deaf  ears.  I 
was  wrong. 

My  boss  had  taken  note  of 
my  successful  implementation 
of  an  intrusion-detection  sys¬ 
tem  based  on  open-source 
software  (Linux,  Snort,  PHP, 
Apache  and  MySQL),  but  I 
wasn’t  aware  that  he  had  de¬ 
veloped  a  workflow  applica¬ 
tion  that  uses  a  MySQL  data¬ 
base.  Now  that  I  know  he’s 
open  to  implementing  more 
open-source-based  security 
devices,  we’re  on  our  way  to 
finding  alternatives  to  over¬ 
priced  commercial  software. 

Of  course,  we’re  a  long  way 
from  putting  Linux  on  the 
desktop,  and  our  server  farm  is 
primarily  Microsoft.  But  Pan¬ 


dora’s  box  is  open,  and  our  ef¬ 
forts  have  approval  from  the 
top.  The  sky’s  the  limit.  Or  I 
should  say,  the  limit  will  de¬ 
pend  on  how  creatively  I  can 
convert  our  current  IT  services 
to  open-source  alternatives. 

I’ll  focus  on  security  first 
and  then  move  toward  the  ser¬ 
vices  provided  by  our  Win¬ 
dows  2003  Enter¬ 
prise  Server  farm. 
Just  for  fun,  I’ll  con¬ 
vert  my  own  desk¬ 
top  to  Linux  so  I  can 
manage  the  infra¬ 
structure  from  a 


Linux  perspective  and  test  the 
interoperability  between  my 
system  and  the  Windows  envi¬ 
ronment. 

Seeking  Guidance 

Some  might  think  that  my 
embrace  of  Linux  is  too  gung- 
ho,  but  I’ve  done  my  research. 
Several  months  ago,  I  was 
searching  on  the  Internet  for  a 
guide  on  migrating  from  Win¬ 
dows  to  Linux.  I  found  an  in¬ 
teresting  document  from  the 
German  Federal  Ministry  of 
the  Interior  titled  “Migration 
Guide:  A  Guide  to  Migrating 
the  Basic  Software  Compo¬ 
nents  on  Server  and  Worksta¬ 
tion  Computers.”  Both  Ger¬ 
man-  and  English-language 
versions  of  this  comprehen- 
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sive  400-plus-page  document 
are  available. 

It  starts  off  by  covering  key 
issues  such  as  the  following: 

■  Definitions  of  terms  such 
as  open-source,  proprietary 
and  commercial,  and  the  dis¬ 
tinction  between  replacing  vs. 
continuing  types  of  migrations. 

■  Migration  paths  (Win¬ 
dows  as  the  starting  point,  and 
internal  dependencies  within 
the  Microsoft  landscape). 

■  Linux  distributions  (in¬ 
cluding  Debian,  SUSE  and 
Red  Hat). 

■  License  models  (GPL  and 
BSD). 

The  next  section  provides 
in-depth  technical  descrip¬ 
tions  of  the  migration  paths, 
with  the  discussion  covering 
file  systems,  print  services,  au¬ 
thentication  services,  network 
services,  system  audit  and 
management  services,  directo¬ 
ry  services,  middleware  (.Net, 
COM,  J2EE),  Web  services, 
SharePoint  Portal  Server,  data¬ 
bases,  groupware,  Office/desk¬ 
top  migration,  terminal  servers 
and  thin  clients,  and  high  avail¬ 
ability.  It  sure  sounds  like  the 
authors  covered  all  the  bases. 

Then  there’s  an  exhaustive 
evaluation  of  economic  effi¬ 
ciency.  This  may  not  appeal  to 
techies,  but  it’s  the  meat  of  sell¬ 
ing  a  conversion  program  to 
senior  management.  The  guide 
walks  you  through  monetary 
and  benefits  analysis,  total  cost 
of  ownership,  comparability 
and  the  full-cost  approach. 

And  there’s  more!  The 
guide  presents  recommenda¬ 
tions  based  on  the  evaluation 
of  economic  efficiency.  In  oth¬ 
er  words,  based  on  your  analy¬ 
sis  of  your  infrastructure,  you 
will  either  adopt  a  full  and 
complete  migration  to  Linux, 
a  continuing  migration  or  a 
partial  migration. 

My  experience  as  a  security 
manager  also  influences  my 
attitude  toward  open-source.  I 


have  spent  close  to  20  years 
working  in  the  trenches  in  IT 
security,  where  you’d  often 
hear  the  joke,  “If  it  weren’t  for 
Microsoft,  we’d  all  be  out  of  a 
job.”  That’s  because  Micro¬ 
soft’s  closed  operating  system 
(and,  just  to  be  fair,  we  can  ac¬ 
cuse  Apple’s  first-generation 
products  of  the  same  sin)  has 
been  fraught  with  technical 
flaws  and  security  holes. 

I’m  not  attacking  Microsoft. 
It’s  one  of  the  most  successful 
companies  in  the  world,  and 
Bill  Gates  is  one  of  the  world’s 
most  generous  philanthro¬ 
pists.  I’d  even  go  so  far  as  to 
say  that  Gates  and  Microsoft 
brought  computing  out  of  the 
scientific  communities  and 
into  the  hands  of  regular  peo¬ 
ple.  You  have  to  give  credit 
where  it’s  due.  Microsoft 
changed  our  world.  However, 
the  world  is  changing  again, 
and  this  time  proprietary  tech¬ 
nology  is  seen  as  the  problem, 
not  the  solution. 

My  agency  doesn’t  have  the 
kind  of  budget  that  allows  for 
blowing  big  bucks  on  Micro¬ 
soft  products,  just  as  I  can’t 
blow  big  bucks  at  Saks  Fifth 
Avenue.  Most  of  us  get  along 
pretty  well  shopping  at  Wal- 
Mart,  and  my  agency  will  get 
along  pretty  well  doing  the 
open-source  equivalent.  We’ll 
spend  some  money  on  hard¬ 
ware,  then  use  open-source  to 
manage  the  infrastructure  and 
provide  services  for  a  fraction 
of  the  price  of  buying  Micro¬ 
soft’s  software. 

Our  next  Linux-based  secu¬ 
rity  project  is  a  firewall.  I  have 
experience  with  Cisco  PIX 
and  Check  Point  firewalls,  so 
this  will  be  an  interesting  proj¬ 
ect  to  plan  and  implement.  I 
can  compare  the  ease  of  ad¬ 
ministration  and  functionality 
as  well  as  test  my  strategy,  one 
device  at  a  time,  to  convert 
our  infrastructure  to  open- 
source.  Wish  me  luck.  I 

WHAT  DO  YOU  THINK? 

This  week's  journal  is  written  by  a  real 
security  manager,  "C.J.  Kelly,"  whose 
name  and  employer  have  been  disguised 
for  obvious  reasons.  Contact  her  at 
mscjkelly@yahoo.com,  or  join  the  dis¬ 
cussion  in  our  forum:  QuickLink  a1590 

To  find  a  complete  archive  of  our 
Security  Manager's  Journals,  go  online  to 

Ocomputerworld.com/secjournal 
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Veritas  Security 
Raws  Exploited 

Attackers  have  exploited  secu¬ 
rity  flaws  in  Veritas  Software 
Corp.’s  remote  backup  agent  to 
take  control  of  computers  run¬ 
ning  the  software,  according  io 
the  U.S.  Computer  Emergency 
Readiness  Team.  The  organi¬ 
zation  urged  users  of  Veritas 
Backup  Exec  Remote  Agent  for 
Windows  Servers  to  apply  a 
security  patch  issued  by  Veri¬ 
tas.  The  software  is  used  to  re¬ 
motely  trigger  backup  of  data 
on  servers.  Veritas  notified 
customers  of  the  danger  on 
June  22  and  immediately  is¬ 
sued  a  patch  for  affected  ver¬ 
sions  of  the  software. 


Microsoft  Takes  on 
Online  Crime 

Microsoft  Corp.  is  providing 
Japan’s  National  Police 
Agency  with  early  warnings 
about  security  threats  to  help 
the  NPA  battle  online  crime, 
said  Bill  Gates,  the  company’s 
chairman  and  chief  software 
architect.  Under  an  agree¬ 
ment  signed  in  April,  Micro¬ 
soft  has  been  sharing  infor¬ 
mation  about  security  vulner¬ 
abilities  in  its  products  with 
the  NPA’s  High-Tech  Crime 
Technology  Division,  provid¬ 
ing  a  hotline  to  exchange  in¬ 
formation  on  cyberattacks 
and  conducting  training  to 
help  the  division  combat  on¬ 
line  crime,  Gates  said. 

Start-up  Debuts 
Security  Device 

A  start-up  founded  by  three 
former  Cisco  Systems  Inc. 
employees  announced  its  first 
product,  a  multifunction  secu¬ 
rity  device.  NetDevices  Inc.'s 
SG-8  consists  of  hardware  de¬ 
signed  to  minimize  network 
performance  problems  and 
software  applications  that  run 
independently,  so  if  one  fails. 


the  rest  keep  going.  The  price 


is  $15,000  for  a  base  mode! 
that  includes  a  four-port  T1 
or  Ethernet  WAN  card  and  an 
eight-pert  Ethernet  LAN  card, 
as  well  as  firewall,  VPN,  QoS, 
routing  arid  intrusion  detec¬ 
tion/prevention  capabilities. 


W; 


TECHNOLOGY 


www.computerworld.com 


26  GOMPUTERWORLD  July  4, 2005 


BRIEFS 


Orchestria  Tool  Aids 
Policy  Management 

■  Orchestria  Corp.,  a  New  York- 
based  provider  of  active  policy 
management  software,  has 
launched  Orchestria  4.0.  The  sys¬ 
tem,  which  manages  policy  com¬ 
pliance  for  e-mail,  instant  mes¬ 
saging  and  other  communication 
channels,  includes  a  Web  console 
feature  that's  designed  to  provide 
simplified  surveillance  capabilities. 
Pricing  starts  at  S120  per  seat. 


PwC  Content  Used 
In  Security  App 

■  Brabeion  Inc.  will  include  Price- 
waterhouseCoopers’  information 
security  content  in  its  Enterprise 
Security  Architecture  System. 
Originally  developed  by  PwC, 
ESAS  is  a  Web-based  tool  that 
helps  users  ensure  that  they  com¬ 
ply  with  IT  security  guidelines. 
McLean,  Va.-based  Brabeion  pur¬ 
chased  ESAS  from  PwC  in  April. 
Pricing  will  start  at  $75,000. 


Indicative  7.0  Ships 

■  Indicative  Software  has  re¬ 
leased  a  new  version  of  its  IT  ser¬ 
vice  management  software.  In¬ 
dicative  7.0  includes  new  fea¬ 
tures  that  allow  users  to  follow  the 
path  of  business  transactions  via 
components  such  as  JavaBeans 
and  servlets,  according  to  Fort 
Collins,  Colo.-based  Indicative. 
The  Java-based  software  also  in¬ 
cludes  autodiscovery  and  agent¬ 
less  monitoring  of  Citrix  Meta- 
Frame  and  IBM  AIX  systems.  Pric¬ 
ing  is  $65  per  measurement;  bun¬ 
dled  pricing  starts  at  $100,000. 


Mandriva  Upgrades 
Security  System 

a  Linux  vendor  Mandriva  SA  has 
released  the  second  version  of  its 
Multi  Network  Firewall  (MNF2) 
infrastructure  and  security  sys¬ 
tem.  Features  include  OpenVPN, 
network  interface  bonding  and 
bridging,  traffic  shaping,  network 
mapping  and  peer-to-peer  filter¬ 
ing,  Paris-based  Mandriva  said. 
MNF2  retails  for  $550. 
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Cracking  Down  on 
Intellectual  Property  Crime 


IN  FEBRUARY  OF  THIS  YEAR,  24-year-old  juju 
Jiang  of  Flushing,  N.Y.,  was  sentenced  to  27 
months’  imprisonment  followed  by  three  years  of 
supervised  release  and  ordered  to  pay  $201,620 
in  restitution  after  being  convicted  of  charges 
related  to  computer  fraud. 


On  March  4,  Rolyn 
Abugan,  24,  of  Corona, 

Calif.,  was  charged  with 
criminal  copyright  in¬ 
fringement  for  uploading 
onto  the  Internet  a  copy  of 
the  movie  Finding  Never- 
land  that  had  been  sent  to  a 
“screener”  for  the  Produc¬ 
ers  Guild  of  America.  Just 
four  days  after  that,  Seth 
Kleinberg,  26,  of  Pasadena, 

Calif.,  Jeffrey  Lerman,  20, 
of  College  Park,  Md.,  and 
Albert  Bryndzda,  32,  also  of 
Flushing,  pleaded  guilty  to 
felony  charges  of  conspiracy  to  com¬ 
mit  criminal  copyright  infringement  in 
U.S.  District  Court  in  New  Haven. 
Theirs  were  the  first  U.S.  cases  to  be 
brought  as  a  result  of  an  18-month, 
multinational  software  piracy  investi¬ 
gation  known  as  “Operation  Higher 
Education.” 

In  recent  years,  we’ve  witnessed  a 
dramatic  increase  in  cases  of  digital 
piracy  and  counterfeiting.  The  legal 
system  is  responding  with  aggressive 
prosecution  and  tough  sentences. 

While  the  latest  technologies  are  a 
boon  for  upstanding  organizations 
large  and  small,  they  serve  less- 
respectable  individuals  and  organiza¬ 
tions  as  well.  The  worldwide  trade  of 
pirated  and  counterfeit  goods  affects 
all  major  markets,  with  the  U.S.  in  the 
forefront.  That’s  not  surprising,  since 
the  U.S.  leads  the  world  in  the  devel¬ 
opment  of  intellectual  property  and 
the  manufacture  of  IP-related  prod¬ 
ucts.  (It  was  recently  reported  by 
the  International  AntiCounterfeiting 


Coalition  that  U.S.  indus¬ 
tries  that  rely  on  copyright 
protection  and  derivative 
businesses  account  for 
more  than  $433  billion, 
or  5.68%,  of  the  U.S.  gross 
national  product  —  more 
than  any  other  single  man¬ 
ufacturing  sector.) 

Illicit  trade  threatens  the 
competitiveness  of  both 
established  companies  and 
up-and-coming  businesses 
—  and  the  livelihoods  of 
all  of  their  employees. 
Available  for  purchase 
from  lowly  street  vendors  to  large- 
scale  mail-order  organizations  are  all 
sorts  of  counterfeit  goods,  with  DVDs, 
CDs,  electronics  and  software  at  least 
as  popular  as  the  more  traditional 
watches,  auto  parts,  perfume  and 
clothing.  It  is  estimated  that  these 
goods  account  for  up  to  7%  of  the 
world  market  and  cost  legitimate  busi¬ 
ness  several  billion  dollars  annually. 

It’s  obvious  that  legitimate  rights 
holders  lose  money  in  the  form  of  re¬ 
duced  sales  and  profits  when  their 
goods  are  counterfeited;  what’s  not  as 
obvious  is  that  there  are  other  conse¬ 
quences  as  well.  For  one  thing,  manu¬ 
facturers  of  bogus  merchandise  don’t 
observe  manufacturing  standards  and 
regulations.  As  a  result,  bogus  goods 
are  of  inferior  quality.  This  fact  cer¬ 
tainly  isn’t  lost  on  the  consumers;  they 
probably  just  ignore  the  shortcomings 
in  the  interest  of  saving  money,  but  lat¬ 
er  they  may  be  disappointed  to  realize 
that  there’s  no  support  or  recourse 
available  to  them  after  the  purchase. 
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Moreover,  the  counterfeiters  don’t 
comply  with  regulations  pertaining  to 
the  safety  and  health  of  their  workers. 
And  they  don’t  pay  duties  or  taxes,  so 
the  nations  where  the  goods  are  trad¬ 
ed  lose  out  on  potential  tax  revenues. 

Intellectual  property  crime  general¬ 
ly  falls  into  one  of  three  categories: 
copyright  violations,  theft  of  trade  se¬ 
crets  and  trademark  infringement.  The 
fundamental  goal  of  each  crime  is  for 
the  perpetrator  to  realize  a  profit  —  at 
the  expense  of  the  real  McCoy.  Copy¬ 
right  violation  most  often  refers  to  the 
counterfeiting  and  piracy  of  software, 
movies  and  recorded  music.  Theft  of 
trade  secrets  means  the  perpetrator 
has  stolen  proprietary  information 
from  any  industry;  it  could  be  a  manu¬ 
facturing  business,  a  financial  services 
firm  or  a  technology  company.  Trade¬ 
mark  infringement  involves  the  coun¬ 
terfeiting  and  vending  of  brand-name 
items  —  handbags,  clothing,  watches 
and  the  like. 

With  so  much  at  stake,  organizations 
and  governments  are  stepping  up  ef¬ 
forts  to  stem  the  looting  by  counter¬ 
feiters.  They’re  having  some  success 
with  the  new  technologies  that  aid  in 
the  identification  of  counterfeit  prod¬ 
ucts.  While  useful,  these  technologies 
do  have  limitations:  No  single  anti¬ 
counterfeiting  system  will  solve  the 
problem  for  all  victimized  businesses. 
Each  organization  must  determine  its 
specific  market’s  weaknesses  and  take 
at  least  some  responsibility  to  protect 
its  interests. 

When  it  comes  to  counterfeiting, 
everyone  is  an  interested  party,  from 
the  legitimate  manufacturer  to  the 
retailer,  the  distributor  and  the  indi¬ 
vidual  consumer.  When  all  parties  act 
together,  a  united  stance  will  prove  to 
be  the  best  defense  against  these  of¬ 
fenses.  ©  55280 
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“Legacy”  refers  to  code  written  “by  smart  people  a  long  time  ago  [that]  really  works,  instead  of 
being  the  latest  bug-ridden,  bloated  piece  of  garbage,"  says  Columbia  University’s  FRANK  da  CRUZ. 
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Like  it  or  not,  old  code  is  still  around,  and 
it  needs  special  care.  By  Gary  H.  Anthes 


/^VT  TTrV.  WHAT  IS  “LEGACY" 
V^vjlz^.  SOFTWARE? 
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a. 

Cobol/mainframe  code 

b. 

Software  written  before  1990 

c. 

Applications  that  have 
become  obsolete 

d. 

.  ■ 

Poorly  documented  systems 
that  no  one  wants  to  touch 

e. 

gig 

Secure,  reliable  and  effective 
stuff  that  just  keeps  running, 
year  after  year 

Interviews  with  a  number  of  IT 
managers  turned  up  all  of  those  defini¬ 
tions,  and  more. 


“Legacy  is  a  word  I  despise,”  says 
Frank  da  Cruz,  an  IT  manager  at  Co¬ 
lumbia  University  in  New  York.  “Peo¬ 
ple  say  ‘legacy’  and  it’s  like,  ‘Oh  my 
god,  how  could  you  possibly  use  that 
old  garbage?’  But  what  it  really  means 
is  that  it  was  written  by  smart  people  a 
long  time  ago  and  it  really  works,  in¬ 
stead  of  being  the  latest  bug-ridden, 
bloated  piece  of  garbage  from  some 
company  that  has  only  teenagers  work¬ 
ing  for  it.” 

However  you  define  legacy  software, 
IT  people  say  they  know  it  when  they 
see  it,  and  they  know  it  didn’t  all  go 
away  during  Y2k  remediation.  It’s 
the  stuff  with  poor  documentation, 
spaghetti  code  stirred  by  too  many 
cooks,  and  processing  cycles  more 
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appropriate  for  1970s  ways  of  doing 
business.  And  it’s  definitely  not  the 
stuff  you  tell  college  recruits  about 
when  they  come  looking  for  Java,  Web 
services  and  grid  computing. 

Yet,  like  da  Cruz,  a  number  of  IT 
folks  swear  by  it,  not  at  it,  saying  they 
wouldn’t  dream  of  switching  that 
trusty  old  accounting  system  they 
custom-coded  in  the  1980s  for  some 
newfangled  commercial  package  with 
a  seven-  or  eight-figure  price  tag. 

But  even  the  most  enthusiastic  of 
the  legacy  loyalists  acknowledge  that 
old  software  often  presents  special 
challenges.  They  employ  a  number  of 
tricks  —  both  managerial  and  technical 
—  to  keep  the  bits  flowing  in  those  old 
pipes. 

Not  Older;  Better 

For  Paul  Grant,  director  of  retail  sys¬ 
tems  application  development  at  Tow¬ 
er  Records  in  West  Sacramento,  Calif., 

“  ‘Legacy’  is  when  the  technology  can 
no  longer  fit  the  business  needs.”  By 
that  definition,  Tower’s  retail  point- 
of-sale  software,  some  1  million  lines 
of  Cobol  code  dating  to  the  mid-1980s, 
isn’t  legacy  software. 

Although  Tower  is  modernizing  it 
in  various  ways  —  by  adding  Web  ser¬ 
vices  interfaces  to  other  systems,  for 
example  —  the  underlying  Cobol  ap¬ 
plication  is  likely  to  serve  the  company 
for  years  to  come,  Grant  says.  “A  lot  of 
people  get  caught  up  in  the  wow  and 
sexy  stuff,  but  I’ve  been  a  proponent 
of  keeping  what  we  have  rather  than 
starting  all  over,  because  I  don’t  see 
the  benefit,”  he  says. 

But  it  would  be  a  mistake  to  think 
that  Tower  Records  got  its  million 
lines  of  Cobol  to  its  current  useful  and 
reliable  state  without  a  great  deal  of  ef¬ 
fort.  Tower  bought  the  software  in  the 
early  1990s  from  a  small  vendor  that 
supplied  point-of-sale  systems  to 
mom-and-pop  video-rental  stores. 

“The  source  code  was  terrible,”  Grant 
recalls,  “and  we  had  no  document¬ 
ation.” 

Tower  wrote  its  own  user  manuals, 
which  it  eventually  gave  the  vendor  as 
partial  payment  for  the  source  code. 

As  for  the  software,  “it  was  spaghetti 
code,  with  a  few  meatballs  thrown  in,” 
Grant  says.  "Every  time  we  asked  for 
a  change,  we’d  get  other  retailers’ 
changes  along  with  it.  So  the  code 
got  very  bloated  very  quickly.” 

Tower  gradually  rewrote  much  of 
the  code,  making  functional  enhance¬ 
ments  and  breaking  it  into  more  man¬ 
ageable  modules.  For  example,  one 
750,000-line  program  was  broken  into 
four  programs,  and  the  custom  code 
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Frank  da  Cruz,  an  IT  manager  at 
Columbia  University,  says  it’s  not 
fashionable  to  admit  to  running  old 
systems.  “People  say  they  have  to  have 
the  latest  version  of  Windows  and  the 
latest  three-letter  acronym  or  buzzword 
or  their  stock  will  go  down,”  he  says. 
“But  the  people  in  the  back  office  are 
running  something  that’s  really  battle- 
proven  and  tested  and  secure,  like  VMS, 
for  example.” 

Da  Cruz  is  the  author  of  an  online 
history  of  computing.  Among  the  gems 
to  be  found  in  it  is  his  "Glossary  of 
Forgotten  Terms.”  Here’s  a  sampling 
from  the  good  old  days: 


■  batch  *  plugboard 

■  core  ■  punched  card 

■  CRT  ■  relay 

■  drum  _  ■  remote  job  entry 

■  paper tape  ■TTY 


©For  definitions  of  those  terms 
and  much  more  information  about 
those  mad  mainframes,  check  out 
da  Cruz’s  Web  site: 

www.columbia.edu/acis/history 

-  Gary  H.  Anthes 

written  for  other  retailers  was  thrown 
away.  It  took  three  to  four  years  of 
“blood,  sweat  and  tears”  to  do  that, 
Grant  says.  “Anytime  we  opened  the 
code  to  make  changes,  we’d  do  as 
much  maintenance  as  possible.” 

But,  Grant  notes,  “we  ran  into  situa¬ 
tions  where  we  just  couldn’t  untangle 
the  mess,  so  we  left  it.  We  didn’t  want 
to  break  it.” 

More  recently,  Tower  has  been  able 
to  avoid  much  of  the  previous  angst  by 
using  the  AcuBench  Cobol  develop¬ 
ment  tool  from  Acucorp  Inc.  in  San 
Diego.  It  replaces,  among  other  things, 
a  Unix-based  VI  Editor  that  Grant  de¬ 
scribes  as  “terse  and  slow”  as  well  as 
manually  written  editing  and  searching 
scripts.  AcuBench  greatly  speeds 


maintenance  and  debugging  work, 
and  it  helped  Tower  “untangle  the 
spaghetti  code,”  he  says. 

Business  Trumps  Tech 

The  Ship  Systems  unit  of  Northrop 
Grumman  Corp.  in  Pascagoula,  Miss., 
has  about  7  million  lines  of  mainframe- 
based  Cobol  and  Fortran  code.  Dating 
from  the  late  1970s  and  early  1980s,  it 
supports  finance,  human  resources, 
payroll,  materials  management  and 
some  engineering  applications. 

Jan  G.  Rideout,  a  vice  president  and 
CIO,  says  there  isn’t  much  of  a  techni¬ 
cal  case  to  be  made  for  replacing  the 
old  code  with  something  more  mod¬ 
ern.  “Maintaining  those  systems  is 
pretty  easy  for  us,”  she  says.  “The 
mainframe  environment  is  very  secure, 
configuration  management  is  excel¬ 
lent,  and  we  have  excellent  tools.” 

But  can  she  Find  people  to  maintain 
those  dusty  old  systems?  “We  have  a 
very  low  attrition  rate,”  she  says.  “We 
do  hire  programmers  out  of  college, 
and  we  do  teach  them  Cobol.” 

Nevertheless,  for  business  reasons, 
Ship  Systems  decided  two  years  ago  to 
scrap  most  of  the  legacy  code  in  favor 
of  packaged  software  from  SAP  AG. 

The  legacy  software  is  no  longer 
flexible  enough  to  meet  the  needs  of 
the  business  units,  Rideout  says.  “It 
limits  the  types  of  really  large  process 
improvements  they  could  make,”  she 
says.  “While  they  can  make  incremen¬ 
tal,  small  changes,  this  basically  dic¬ 
tates  the  way  they  run  their  business.” 

For  example,  Rideout  says,  using 
wireless  I/O  devices  at  the 
company’s  shipyards  would 
be  very  attractive,  but  it 
would  require  building  a 
whole  new  set  of  applica¬ 
tions  on  top  of  the  legacy 
systems. 

Still,  Rideout  cautions 
managers  not  to  expect  big 
maintenance  cost  savings  after  SAP  has 
gone  live.  “That’s  overhyped  by  the 
suppliers  who  want  to  encourage  you 
to  replace  your  mainframe  systems,” 
she  says. 

But  during  the  long  SAP  phase-in, 
Rideout  says,  she’ll  continue  to  pay 
close  attention  to  the  personnel  issues 
presented  by  a  250-person  IT  organiza¬ 
tion  going  through  a  major  transition. 
Knowledge  of  older  systems  in  the 
heads  of  older  workers  must  be  shared 
with  younger  workers,  who  in  turn 
must  be  given  a  chance  to  work  on 
more  modern  technologies,  she  says. 

“Once  people  get  over  the  it’s-my- 
father’s-Cobol  thing,  the  young  kids 
can  be  a  little  open-minded  and  get 
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NORTHROP  GRUMMAN  CORP. 

into  these  older  systems  and  see  that 
there  are  some  interesting  aspects  to 
them,”  Rideout  says. 

Bill  DeRosa,  vice  president  of  IT 
management  at  DaimlerChrysler  Ser¬ 
vices  Americas  in  Farmington  Hills, 
Mich.,  says  he  has  three  major  systems 
that  are  more  than  15  years  old,  includ¬ 
ing  a  wholesale  system  that  tracks  ve¬ 
hicle  inventories  on  dealer  lots.  “We 
have  looked  at  them  from  time  to  time 
and  haven’t  come  up  with  a  real  good 
reason  to  replace  them,”  he  says. 

In  fact,  those  mainframe  Cobol  sys¬ 
tems  provide  a  model  for  modern  dis¬ 
tributed  systems  when  it  comes  to  se¬ 
curity,  maintainability  and  change  man¬ 
agement,  he  says.  “We  are  reinventing 
the  wheel  in  the  client/server  world  in 
terms  of  putting  the  disciplines  in  place 
that  we  already  know  how  to  do  on  the 
mainframe,  ”  DeRosa  says. 

But  he  acknowledges  that 
maintaining  old  Cobol  sys¬ 
tems  isn’t  what  his  devel¬ 
opers  want  to  do.  “So  we 
see  this  as  a  great  opportu¬ 
nity  to  go  offshore,”  says 
DeRosa.  “The  main  driver 
for  the  legacy  systems  is 
people,  and  India  gives  us  a  way  to 
prolong  the  life  of  these  systems.” 

Indeed,  another  automaker  has  also 
found  that  the  way  to  deal  with  legacy 
headaches  is  to  outsource  them  to 
someone  else.  General  Motors  Corp. 
has  turned  over  most  of  its  late  1970s 
and  early  1980s  code  to  Electronic  Data 
Systems  Corp.  Still,  GM  holds  an  annu¬ 
al  review  of  those  systems  to  deter¬ 
mine  whether  any  of  them  ought  to 
be  modernized  or  replaced. 

And,  says  Fred  Killeen,  acting  chief 
technology  officer,  GM  enthusiastical¬ 
ly  entertains  suggestions  from  EDS  as 
to  how  the  systems  might  be  improved. 
“It’s  the  kind  of  thing  we  want  suppli¬ 
ers  to  bring  to  us,”  he  says.  ©  55070 


HP  ProLiant 
ML310G2  SERVER 


Pentium  // 


Intel  ‘  Pentium  '  4  Processor  (3GHz,  800MHz) 
1GB  Total  PC3200  DDR  ECC  SDRAM 
(2)  80GB  SATA  Hard  Drives1 
5U  Tower  with  optional  rack  kit 
Hardware  limited  warranty,  1-year  parts, 
1-year  labor,  1-year  next-business-day 
on-site  support 


HP  STORAGEWORKS  DAT  40 
USB  INTERNAL  TAPE  DRIVE 


Easily  connects  to  the  ML310  internal 
USB  port 

No  more  SCSI  interface  costs  or  complications 
Same  performance,  capacity  and  reliability  as 
DAT  40  SCSI 

Includes  HP's  exclusive  One-Button  Disaster- 
Recovery  for  quick  server  restores 


SUDDENLY  YOU  CAN  APPRECIATE 
MICROMANAGERS. 


Finally  a  micromanager  you  want  around:  the  powerful  and  reliable  HP  ProLiant  ML310  G2  server.  Loaded  with 
HP-developed  manageability  features  and  powered  by  the  Intel®  Pentium®  4  Processor,  the  ML310  is  designed  to  minimize 
maintenance  and  maximize  productivity.  Just  pop  in  the  SmartStart  CD  to  walk  you  through  installation  and  get  your 
system  up  and  running.  HP  Systems  Insight  Manager  will  monitor  your  system  and  alert  you  to  potential  problems 
before  they  arise.  Then  leave  it  be  — the  optional  remote  management2  tools  let  you  keep  track  of  your  server  no 
matter  where  you  are.  And,  for  a  fast,  easy  backup  solution,  bundle  it  with  the  all-new  HP  StorageWorks  DAT  40  USB 
internal  tape  drive.  Just  another  reliable  solution  from  the  HP  Smart  Office  Portfolio. 


SMART  ADVICE  >  SMART  TECHNOLOGY  >  SMART  SUPPORT 


Three-year  Care  Pack 

Add  three  years,  next-business-day  on-site  support  for  $199 

Visit  our  Web  site  to  download  a  free  guide: 

Getting  Started  with  HP  Systems  Insight  Manager. 


Call  1-888-291-0364 
Click  hp.com/go/ML330mag2 
Contact  your  local  reseller 


Prices  shown  are  HP  Direct  prices;  reseller  and  retail  prices  may  vary.  Prices  shown  are  subject  to  change  and  do  not  Include  applicable  state  and  local  taxes  or  shipping  to  recipient's  address.  Offers  cannot  be  combined  with  any  other  offer  or  discount,  are  good  while  supplies  last  and  are  available  from  HP  Direct 
and  participating  HP  resellers.  All  featured  offers  available  In  U.S.  only.  Savings  based  on  HP  published  list  price  of  conflgure-to-order  equivalent  ($1 ,427  -  $358  Instant  savings  =  $1 ,069).  Certain  warranty  restrictions  and  exclusions  may  apply.  For  complete  warranty  details,  call  1  -800-345-1 518  (U.S.).  1  For  hard 
drives,  GB=bllllon  bytes.  2,  Optional  Remote  Insight  Ughts-Out  Edition  II  (RIL0E II).  Intel,  Intel  Inside,  the  Intel  Inside  Logo  and  Intel  Pentium  are  trademarks  or  registered  trademarks  of  Intel  Corporation  or  Its  subsidiaries  In  the  United  States  and  other  countries.  ©2005  Hewlett-Packard  Development  Company,  L.P. 
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BRAIN  FOOD  FOR  IT  EXECUTIVES 


Global  Home  Pages 
Receive  ‘Abysmal’ 
Report  Cards 

A  GLOBAL  CORPORATION’S  Web  home 
page  is  an  entry  point  for  every  conceiv¬ 
able  visitor,  from  investors  and  business 
partners  to  customers,  and  research 
shows  that  you  have  only  eight  seconds 
in  which  to  make  a  good  first  impression. 
But  most  corporate  home  pages  are 
“abysmal,”  says  a  report  by  Forrester 
Research  Inc.  analyst  Ron  Rogowski. 

Rogowski  audited  the  home  pages  of 
the  100  biggest  global  companies  and 
found  a  sea  of  wasted  space,  navigation 
problems,  cryptic  categories  and  “blocks 
of  inane  marketing  messages.” 

The  key  is  to  conduct  usability  research 
and  analyze  clickstream  data  to  figure  out 
what  visitors  really  want  to  do  when  they 


Shell.com  I  Shell  Directory 


Welcome  to  Shell.com 


help  |  contact  |  sitemap  search  [ 


Shell  Directory 

Visit  our  country  and 
business  websites  around 
the  world. 


Shell  for  Businesses 

Shell  offers  oils,  fuels, 
financial  services,  dynamic 
business  solutions  and 
more  to  businesses  of  all 
sizes. 


reach  the  home  page.  Success  is  mea¬ 
sured  not  by  how  much  time  the  visitor 
lingers,  but  by  how  fast  the  home  page 
routes  him  to  the  right  regional  site  or 
product  page,  Rogowski  says. 

The  study  found  some  pockets  of  en¬ 
lightenment,  at  BP  PLC  in  London,  Royal 
Dutch/Shell  Group  of  Companies  in  the 
Hague  and  Credit  Suisse  Group  in  Zurich. 
These  companies  track  the  user  path  off 


Investor  Centre 


Environment  and 
Sodety 


Shell  for  Motorists  About  shell 

More  than  20  million 
customers  a  day  visit  Shell 
service  stations  for  fuels,  Media  Centre 

motor  oils,  carcare  products 
and  more. 

Shell  for  the  Home  jobs  &  careers 

Shell  offers  a  range  of 
products  and  services  for 
the  home  -  from  natural  gas 
and  electricity  to  fuels  and 
lubricants. 


the  home  page  to  identify  the  most-visited 
areas.  This  guides  decisions  about  which 
content  and  links  should  be  included  on 
the  home  page. 

Royal  Dutch/Shell  takes  it  a  step  further 
and  adjusts  the  page  based  on  the  day 
of  the  week:  On  weekdays,  it  features 
content  aimed  at  investors;  on  weekends, 
it  switches  to  content  for  consumers. 

-  Mitch  Betts 
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Best  Bits 


The  most  useful  parts  of  recent  business 
and  IT  management  books 

THE  BOOK:  The  2nd  Digital  Revolution,  by 
Stephen  J.  Andriole  (CyberTech  Publishing,  2005). 

Apparentiy,  in  the  first  digital  rev- _ 

oiution,  IT  was  used  for  tactical  tfSS 
operations,  whereas  in  the  sec¬ 
ond  revolution,  IT  is  at  a  strategic 
level.  I'm  not  so  wild  about  the  ti¬ 
tle,  but  the  book  itself  has  a  good 
deal  of  candor  about  the  role  IT 
needs  to  play  in  corporate  Ameri¬ 
ca.  For  example,  Andriole  says  it’s 
time  to  move  beyond  talking  about 
"business  alignment,"  which  is  a 
sequential  approach,  and  take  a 
more  holistic  approach  that  recog¬ 
nizes  that  business  and  technology  are 
so  intertwined,  it’s  hard  to  tell  where  one  ends  and 
the  other  begins.  Andriole  -  a  professor  at  Villano- 
va  University  and  a  Cutter  Consortium  consultant  - 
calls  it  “business-technology  convergence."  CRM 
is  a  great  example:  It’s  both  a  business  model  and  a 
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H 

REVOLUTION 


technology.  Or,  as  one  prescient  CIO  used  to  say, 
“There  are  no  technology  decisions  -  only  busi¬ 
ness  decisions." 

The  book  covers  a  lot  of  other  ground,  from  IT 
governance  to  staffing.  But  it’s  the  no-nonsense 
statements  that  I  like  best.  On  the  subject  of  IT 
standardization,  for  example,  Andriole  says  varia- 

_ _  tion  is  your  enemy  and  “nonstandard- 

~~1  ization  is  just  plain  stupid." 

As  for  return  on  investment  and 
total  cost  of  ownership  metrics,  he 
says  that  they're  great,  but  "you  can¬ 
not  build  a  business  with  these  ham¬ 
mers."  Andriole  adds  that  “obsessive- 
compulsive  TCO/ROI  behavior  is  as 
unhealthy  as  any  obsessive-compul¬ 
sive  behavior.” 

And  to  answer  Nicholas  G.  Carr's 
question  as  to  whether  IT  matters,  the 
author  replies:  “Try  telling  a  CEO  that 
a  botched  $100  million  ERP  system 
doesn’t  matter."  ©  55116 

-Mitch  Betts 

WANT  MORE  BRIGHT  IDEAS?  Visit  our  blog: 
www.computerworld.com/blogs/betts 
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SECURITY  IS  UP, 
ERP  IS  DOWN 


tucts  are  you  buying 
lore  of  this  year? 


BASE:  100  CIOs  (75  in  the  U.S..  25  In  Europe) 


SOURCE:  MERRILL  LYNCH  &  CO., 
NEW  YORK.  APRIL  2005 


Buying 

Intentions 

■  IDC  researchers  say  their  index 
of  business  IT  demand  (below) 
shows  that  user  spending  expecta¬ 
tions  were  unchanged  last  month. 
IT  buyers  are  full  of  “guarded  opti¬ 
mism,”  IDC  analyst  Carol  Glasheen 
says,  which  means  “users  are 
preparing  for  renewed  economic 
growth,  even  if  they’re  not  entirely 
convinced  that  the  recovery  will 
continue.” 


dex  of  Business  IT 
Demand,  2005 


Congratulations  Aw 
Recipients! 

Mobile  &  Wireless  World  (M&WW),  in  conjunction  with  Computerworid, 
proudly  presented  the  third  M&WW  “Best  Practices  in  Mobile  &  Wireless” 

Awards  Program.  This  program  honored  seven  IT  user  “best  practice” 
case  studies  selected  from  a  field  of  qualified  finalists. 

Winners  were  recognized  at  the  Mobile  &  Wireless  World 
Awards  Ceremony  -  Wednesday,  June  1 5th  in  Scottsdale,  Arizona 


Recipients 

•Cox  Communications,  Atlanta,  Georgia 
•pH  Europe  Ltd,  Huddersfield,  United  Kingdom 

Honorable  Mention:  Staples,  Incorporated,  Framingham,  Massachusetts 

Recipients 

•Landstar  System  Incorporated,  Jacksonville,  Florida 
•Zipcar,  Cambridge,  Massachusetts 

Honorable  Mention:  Blue  Cross  Blue  Shield  of  Massachusetts,  Boston,  Massachusetts 

Business  Evolution  Recipients 

through  Mobilizing  •  Maytag  Corporation,  Newton,  Iowa 

Field  Workers  *Saia  Motor  Freight,  Duluth,  Georgia 

Honorable  Mention:  The  ServiceMaster  Company,  Downers  Grove,  Illinois 

Managing  Cellular  Recipient 

Mobile  Data  *The  PM  I  Group,  Incorporated,  Walnut  Creek,  California 


Deploying  Wireless 
Mobility  in 
the  Enterprise 


Transforming  the 
“Brick  and  Mortar” 
Enterprise 
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For  information  on  Mobile  &  Wireless  World 
visit  www.mwwusa.com 


Judging  Criteria 

To  evaluate  nominations,  judges  considered  each  project's: 

•  Strategic  importance  to  the  business. 

•  Positive  impact  on  other  business/organization  units. 

•  Substantive  customer  impact  (service,  retention,  acquisition), 

•  Ability  to  provide  a  strategic  advantage  to  the  business /organization 
while  anticipating  and  accommodating  the  deployment  of  future 
Mobile  &  Wireless  initiatives. 

•  Financial  return  and  measurable  payback  (returns  on  investment, 
assets,  resources)  through  created/protected  revenue  opportunities  or 
cost  savings. 

•  Ability  to  address  challenges  of  data,  Information  and  application  security,  etc. 


Thank  you  to  our  “Best  Practices  in  Mobile  &  Wireless” 
Judges  for  2005: 


Steve  Delahunty,  Vice  Chair, 

Network  Professional  Association 

Bruce  Hoard,  Technology  Journalist 
and  Network  World  founding  editor 

Julia  King,  Executive  Editor  of  Events 
and  National  Correspondent, 
Computerworid 
Ed  Meskill,  Publisher,  Mobile 
Enterprise  Media 

Ralph  Nichols,  Service  Program 
Manager,  Pitney  Bowes,  Inc. 


Jay  A.T.  Stailard,  Senior  Manager, 
Pfizer  Global  Pharmaceuticals 

John  Stehman,  Director  of  Research 
Operations  and  Principal  Business 
Analyst,  Robert  Frances  Group 

Daniel  Taylor,  Managing  Director, 
Mobile  Enterprise  Alliance,  Inc. 

John  C.  Wade,  Vice  President  and 
Chief  Information  Officer,  Saint 
Luke’s  Health  System 

Carl  Zetie,  Vice  President, 

Forrester  Research 
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DEVELOPMENT 


ON  A  SHOiSTMIMi 

Boosting  skills  needn’t  take  much  extra 
time  or  money,  but  it  does  require 
thought  and  effort.  BY  DAVID  PUTRICH 


fOUR  organization  is  only  as 
effective  as  the  people  who 
work  there.  And  the  best  way 
to  develop  an  effective  and 
motivated  workforce  is  to  keep 
people  challenged.  So  why  is 
employee  development 
often  overlooked  at  U.S. 
companies? 

A  study  by  Lominger 
Limited  Inc.,  a  leadership  development 
consultancy  in  Minneapolis,  looked  at 
how  well  managers  at  many  levels  and 
across  multiple  industries  performed 


in  67  defined  competencies.  At  the 
bottom  of  the  list  was  “developing 
direct  reports.” 

Another  workforce  development 
firm,  Development  Dimensions  Inter¬ 
national  Inc.  in  Pittsburgh,  reports  that 
“developing  others”  is 
rated  the  lowest  of  22 
leadership  competencies. 
Experts  estimate  that 
about  one  in  three  workers  has  a  writ¬ 
ten  skills-development  plan  and  is  exe¬ 
cuting  it.  But  are  these  employees 
getting  better?  At  which  skills?  How 


good  do  they  have  to  be?  And  at  what? 
And  what  about  the  other  two-thirds  of 
workers?  Are  they  getting  better  at 
anything  that  matters? 

Consider  your  own  organization. 
How  much  more  successful  could  your 
IT  department  and  company  be  if  your 
development  efforts  were  truly  focused? 
Are  managers  rated  on  how  well  they 
help  direct  reports  develop  skills? 

Even  when  employees  are  given 
training  opportunities,  it’s  not  always 
clear  that  the  training  results  in  the  ex¬ 
pected  outcome.  According  to  psychol¬ 
ogist  Daniel  Goleman,  who  wrote 
Working  With  Emotional  Intelligence 
(Bantam,  1998),  “Estimates  of  the  ex¬ 
tent  to  which  skills  taught  in  company 
training  programs  carry  over  into  day- 
to-day  practice  on  the  job  are  as  low  — 
and  gloomy  —  as  a  mere  10%.” 

To  managers,  that  news  is  disheart¬ 
ening.  But  there  is  hope.  Many  organi¬ 
zations  give  high  priority  to  develop¬ 
ing  employees,  and  —  training  budget 
or  no  training  budget  —  anyone  can  do 
it.  So  before  you  say,  “I  can’t  do  any 
skills  development  because  the  train¬ 
ing  budget  was  reduced  to  zero,”  con¬ 
sider  this  statistic  from  Lominger:  70% 
of  what  we  learn  as  adults  comes  from 
our  work  experiences,  20%  from  a 
coach,  and  10%  from  classes,  work¬ 
shops,  books  and  articles. 

Given  that  finding,  the  bulk  of  any 
individual’s  development  plan  should 
consist  of  work  activities.  And  there 
are  some  specific  and  tangible  things 
a  manager  can  do  to  help  employees 
develop  their  skills: 

■  First,  let  your  boss  know  what 
you’re  doing;  you  might  want  to  estab¬ 
lish  a  performance  goal  for  yourself  of 
developing  your  people.  If  the  manage¬ 
ment  team  hasn’t  done  much  in  terms 
of  workforce  planning,  you  may  need 
to  discuss  future  directions. 

■  Set  aside  time  with  each  employee 
to  discuss  his  career  goals,  particularly 
his  understanding  of  potential  roles  in 
the  organization.  Suggest  that  the  em¬ 
ployee  find  a  mentor  to  counsel  him 
on  long-term  goals. 

■  Discuss  the  employee’s  short-  and 
long-term  development  needs  toward 
those  goals. 

■  Help  the  employee  understand 
which  skills  —  technical,  process  and 
interpersonal  —  your  department  and 
company  need.  Role  definitions  come 
in  very  handy  here. 

■  Help  the  employee  understand  his 
current  skill  level  and  desired  level. 

■  Coach  the  employee  on  his  devel¬ 
opment  strategies.  Where  appropriate, 
suggest  courses  or  workshops.  Most 
important,  identify  specific  work  activ- 
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DO  IT  YOURSELF 

If  you’re  an  IT  employee,  managing  your 
own  career  should  be  a  top  priority. 

Here  are  some  simple  steps  to  follow: 

THINK  of  career  goals  three  and  five  years  out. 
DETERMINE  which  roles  will  be  available  and 
which  skills  will  be  needed  at  your  company. 
FIND  a  mentor. 

ASSESS  your  skill  levels  and  identify 
short-  and  long-term  development  needs 
to  reach  your  goals. 

KEEP  IN  MIND  that  developing  skills  takes 
time  and  requires  small,  day-to-day  steps; 
start  now. 

WORK  on  one  or  two  skills  at  a  time.  Consider 
activities  outside  of  work  to  boost  your  skills. 
ASK  your  supervisor  to  recommend  a 
coach  and  a  role  model. 

ASK  for  constructive  feedback  from  colleagues. 
REFLECT  on  your  efforts.  What  worked?  What 
didn't?  What  did  you  learn?  Try  new  ideas. 

-  David Putrich 


ities  —  a  project,  a  committee,  a  spe¬ 
cial  team,  even  something  outside  of 
work  such  as  a  volunteer  activity  — 
that  will  help.  Make  sure  participating 
in  these  activities  is  included  among 
the  employee’s  performance  goals. 

■  Stress  that  skills  development 
comes  in  small,  day-to-day  steps,  and 
reflect  that  in  the  development  plan. 
Suggest  a  peer  who  can  coach  the  em¬ 
ployee,  as  well  as  a  role  model. 

■  Provide  constructive  feedback  and 
encouragement  as  the  employee  makes 
changes  in  behavior. 

■  Encourage  the  employee  to  reflect 
on  his  plan  and  efforts:  what  worked, 
what  didn’t  and  what  else  to  try. 

Organizations  that  put  a  high  priori¬ 
ty  on  employee  development  stay 
fresher  and  are  more  capable  of  chang¬ 
ing  as  business  conditions  require. 
Moreover,  we  know  that  challenges 
and  opportunities  to  learn  drive  higher 
levels  of  job  satisfaction,  commitment 
to  the  organization,  mental  and  physi¬ 
cal  health,  and  life  satisfaction. 

Employee  development  can  be  a 
simple  process.  It  doesn’t  need  to  take 
much  extra  time,  nor  does  it  require  a 
big  budget.  Can  you  afford  not  to  in¬ 
vest  your  time  and  energy  in  develop¬ 
ing  your  people?  ©  55074 


Putrich  recently  retired  from  the  central 
IT  group  at3M  Co.,  where  he  spent 
his  last  seven  years  working  in  employee 
development.  He  is  a  consultant  and 
an  adjunct  professor  at  Concordia 
University  in  St.  Paul,  Minn.,  and  Cardi¬ 
nal  Stritch  University  in  Edina,  Minn. 
Contact  him  at  djweb@mn.rr.com. 
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It  may  be  getting  harder  to  find  any-  i 
one  who  still  has  a  sense  of  humor 
about  offshoring.  On  the  one  hand, 
executives  are  often  fretting  about 
cost  savings  that  haven’t  met  expec¬ 
tations.  On  the  other  hand,  laid-off 
workers  don’t 
see  much  to 
smile  about  as 
they  think  about 
techies  in  Ban¬ 
galore  doing  the 

work  they  used  to  do,  at  a  fraction  of 
the  cost.  A  bit  of  whimsy  is  wel¬ 
come,  and  some  arrived  last  month 
courtesy  of  satirist  Art  Buchwald. 

His  June  9  column  in  The  Washing-  ■ 
ton  Post  purports  to  be  a  transcrip-  jj 
tion  of  a  conversation  with  travel  I 


agent  “Tommy  Cook,”  who  says  he 
is  offering  outsourced  vacations. 

Cook's  plan,  as  cooked  up  by 
Buchwald,  is  to  have  a  local  take  a 
trip  to  some  foreign  destination  for 
you.  So,  for  example,  a  Mexican  citi¬ 
zen  will  drive 
around  Aztec 
ruins  for  you, 
and  a  “Chinese 
guide  in  Beijing 
will  visit  the 
Great  Wall  and  send  you  pictures  of 
it.”  The  savings  come  from  those 
guides  doing  the  same  thing  for  lots 
of  people  at  the  same  time. 

Ridiculous,  of  course,  but  a  wry 
smile  is  hard  to  suppress. 

-  Jamie  Eckle 
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An  MBA  Pays 

(And  So  Does  a  Y  Chromosome) 


When  it  comes  to  IT  salaries,  an 
MBA  trumps  experience,  according 
to  a  survey  ot  55,000  IT  workers  from 
1999  to  2002. 

An  MBA  degree  from  a  two-year 
program  can  boost  a  person’s 
salary  by  8.2%,  according  to  a  study 
published  last  September  by  professor 
M.S.  Krishnan  and  researcher  Sunil 
Mithas  of  the  University  of  Michigan's 
Stephen  M.  Ross  School  of  Business. 
Meanwhile,  two  extra  years  of  expe¬ 
rience  boosted  a  person’s  salary  by 
just  2.8%. 

The  study,  which  cuts  across  a  vari¬ 
ety  of  job  titles,  including  senior  and 


midlevel  IT  managers,  also  found  that 

women  in  high-tech  jobs  earn 
7.8%  less  than  men  with  similar 
positions,  educational  backgrounds 
and  work  experience.  “In  general, 
whether  they  have  an  MBA  or  don’t, 
compensation  for  women  continues  to 
trail  men,"  says  Mithas.  “We  don't  come 
to  the  conclusion  that  there  is  discrimi¬ 
nation  against  women,  just  that  they  lag 
in  earnings.” 

Across  industries,  Krishnan  and 
Mithas  found  that  technology  firms 
pay  9.4%  higher  wages  than  non¬ 
tech  companies. 

-  Thomas  Hoffman 
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McFarland 


II  At  II  Is  your  company 

reaching  out  to 
disabled  veterans?  Probably  not. 
Indeed,  only  recently  did  the  VA 
itself  establish  a  program  aimed 
at  hiring  more  disabled  veterans, 
including  in  IT.  Contributing  editor 
Jamie  Eckle  spoke  with  VA  CIO 
Robert  N.  McFarland. 


TITLE:  Assistant 
secretary  for 
information  and 
technology 


ORGANIZATION: 

U.S.  Department 
of  Veterans  Affairs 


Hiring  injured  young  war  veterans  for  VA 
jobs  seems  like  a  natural.  How  did  this 
come  about?  In  September  2003,  the  Office 
of  the  Assistant  Secretary  for  Information  and 
Technology  [OIT]  established  the  IT  Intern  Pro¬ 
gram,  which  focused  on  recruiting  and  train¬ 
ing  the  next  generation  to  lead  VA's  future  IT 
program.  Recognizing  the  huge  success  of 


this  first  effort,  the  [OIT]  tasked  their  staff  in 
September  2004  to  broaden  this  program  to 
attract  young  veterans  and  in  particular  young 
service-connected  disabled  veterans. 

In  September  2004,  OIT  began  working 
with  Walter  Reed  Hospital  to  establish  a  part¬ 
nership  program  between  VA  and  DOD  that 
would  enable  disabled  service  members  to 
gain  credible  work  experience  by  volunteering 
with  VA  while  awaiting  completion  of  their 
discharge,  a  period  that  can  take  from  six 
months  to  two  years. 

As  this  program  goes  national,  how  many 
IT  jobs  are  likely  to  be  filled  by  disabled 
vets?  There  is  no  definitive  answer  to  this 
question,  as  there  are  so  many  variables  to 
consider:  not  the  least  is  the  disabled  veter¬ 
an’s  career  ambitions.  We  cannot  and  do  not 
promise  anyone  a  position. 

IT  positions  require  a  variety  of  skill  sets. 
Where  there  are  matches  and/or  entry-level 
positions,  every  effort  will  be  made  to  provide 
these  veterans  the  opportunity  for  these  new 
career  paths. 

How  old  is  the  VA  IT  staff?  Are  there  a  lot 
of  retirements  looming?  Out  of  the  almost 
5,000  ^specialists,  18%  are  eligible  for  re¬ 
tirement  by  the  end  of  the  calendar  year.  If 
you  consider  those  eligible  for  early  outs,  that 
number  increases  to  35%  of  the  total  number 
of  IT  specialists.  O  55052 


Feeling  Better 


According  to  the  “2005  What’s  Working  Survey,”  conducted  by  Mercer  Human  Resource 
Consulting  Inc.,  employee  commitment  and  confidence  are  on  the  rise  in  the  U.S.  Mercer  polled 
a  representative  sample  of  workers  employed  by  more  than  800  companies  across  the  U.S. 
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FAVORABLE  RESPONSES 


I  am  confident  that  my  organization  will  be  successful  in  the  future. 

«■»  me  -ttm  w  ■»»  mot  m  wkk  »uk  xm  am  tew  sa».«es«  osirrmK  .«**  y»  ',wv 

I  am  proud  to  work  for  my  organization. 

«»»«»*»  otK  awn  MM  «»  «*:  -s*»  awr  cm  vnttr*  nw-  mm  swft  m*  *w.  *c*.  -vm  -mc  **._'«■«»■ 

I  would  recommend  my  organization  to  others  as  a  good  place  to  work. 

sm  raw  am  ww  tun  s**>  me  iw  aner  *ac emi  was  mc  #a  ate-  ok*  *mb  »».«w  eon  ter -  sr 

The  level  of  job  security  offered  by  my  organization  is  as  good  as  or 
better  than  security  offered  by  organizations  in  our  geographic  area. 

•«**  *«*  Me  «»  *»»  ttxr.ttess  »*»  on*  mmm  s*  aw*  *ss  rsa  not  *6tr  om  tatx  >ur  ijt,  «*?  sue  > 

I  feel  a  strong  sense  of  commitment  to  my  organization. 

was  »»  Wte  saw  sok  **»*  vte  ««  x,»  «we  aoo  es*  v»x  urn  uyt  -  .s*  vs* 

The  level  of  job  security  offered  by  my  organization  is  as  good  as  or 
better  than  security  offered  by  organizations  in  our  industry. 
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I  am  confident  that  I  can  achieve  my  long-term  career  objectives 
in  my  organization. 

mm  i vm  vm  w  mm  w  m«e  my  tom  t*m  «w  -•*.«  wr..  mu  am  *»n  »•*■.  *-« 

I  believe  that  my  organization  as  a  whole  is  well  managed. 

mm  k*5  om  oat  wt*  -am  saw  tnet  not  mm  mx  w  ««  v;.w  ear.  am  xux  *ws  t kva  y 

I  believe  management  behaviors  are  consistent  with  the 
organization’s  values. 
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I  trust  management  to  always  communicate  honestly. 
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QUICK  HITS 


Offshore  Realities 


Which  describes  your 
company’s  approach  to  using 
offshore  IT  services? 


■  We're  not  using  them  and 
won’t  in  the  next  12  months. 


B  We  have  made  a  commitment  to  off¬ 
shore  but  are  still  ramping  up  our  use. 

B  We  use  offshore  resources 
whenever  and  wherever  possible. 

B  We  aren't  using  them  but  are 
actively  tracking  developments. 

B  We  have  pilot  projects  in  place  but 
haven’t  made  a  full  commitment. 

B  Don’t  know. 

Base:  113  IT  decision-makers  at 
North  American  services  firms 


Has  your  company 
realized  the  savings  it  expected 
from  going  offshore? 


B  Too  early  to  tell 


Yes 


I  Savings,  but  not  as  much 
as  expected 


Wt  No  savings 


I  Savings  that  exceeded 
expectations:  5% 


Don’t  know:  5% 


-B  Costs  went  up:  2% 


Base:  42  IT  decision-makers  at 
North  American  services  firms 
using  offshore  providers 

SOURCE:  FORRESTER  RESEARCH  INC.. 
CAMBRIDGE,  MASS..  JUNE  2005 


The  Truth  About 
‘Useless’  People 


PAUL  GLEN 


Every  so  often,  someone  will  ask  me  what 
to  do  with  “nondelivery”  people.  The  ques¬ 
tion  goes  something  like  this:  “How  do  you 
deal  with  people  who  can’t  execute?  They 
are  good  at  technical  analysis,  documenta¬ 
tion  and  strategy,  but  not  delivery.  I  can’t  afford  them.” 

What  the  questioner  is  politely  trying  to  ask  is  this: 
“What  should  I  do  with  useless  people?” 


It’s  a  question  that  some¬ 
times  rubs  me  the  wrong 
way,  and  I’ll  try  to  explain 
why.  Once  you  dig  into  the 
query  in  more  detail,  you 
find  that  it  actually  can 
have  one  of  two  very  dis¬ 
tinct  meanings. 

In  the  reasonable  ver¬ 
sion,  the  questioner  is  ask¬ 
ing  about  a  few  intelligent 
and  talented  employees 
who  are  simply  unable  to 
finish  anything.  These  are 
the  people  who  are  seem¬ 
ingly  paralyzed  by  ambigu¬ 
ity  and  are  incapable  of 
moving  forward  until  every 
possible  question  has  been 
answered. 

Helping  ambiguity-chal¬ 
lenged  people  is  quite  hard.  When  I 
have  encountered  them,  my  impres¬ 
sion  has  been  that  they  have  a  deep- 
rooted  emotional  need  for  complete 
information,  one  that’s  not  easily  over¬ 
come  by  repeated  pleas  for  progress,  a 
bad  review  or  even  being  fired. 

The  best  you  can  do  for  them  is  to 
gently  let  them  know  that  perfection 
isn’t  required  in  the  First  draft  of  a 
piece  of  work  and  that  its  purpose  is 
to  help  figure  out  both  the  best  ques¬ 
tions  to  ask  and  the  answers  to  those 
questions.  Relieved  of  the  burden  of 
perfection,  they  can  more  easily  pro¬ 
duce  drafts. 

In  my  younger  days,  I  had  a  tad  of 


this  tendency  myself.  I 
once  worked  for  a  project 
manager  whom  I  ques¬ 
tioned  almost  constantly 
for  the  first  six  months  we 
were  together.  When  I  quit 
the  job  after  a  year  on  the 
project  to  go  back  to  grad¬ 
uate  school,  he  took  me 
aside  at  the  farewell  party. 

“I  don’t  understand  you 
at  all,”  the  project  manager 
said.  “For  the  first  six 
months  you  were  here,  you 
were  such  a  pain  in  the 
@#$.  After  that,  we  rarely 
spoke,  and  you  became  by 
far  the  most  productive 
person  on  the  project. 
What  happened?” 

“I  finally  figured  out 
what  you  wanted,”  I  explained.  “We 
don’t  see  the  world  the  same  way,  and 
nothing  you  asked  for  made  sense  to 
me,  so  I  had  to  ask  a  million  questions. 
Once  I  figured  out  what  you  were  try¬ 
ing  to  do,  I  just  got  on  with  it.  I  didn’t 
necessarily  agree  with  your  approach, 
but  that  was  fine  with  me,  as  long  as  it 
was  a  coherent  one.” 

The  question’s  other  possible  mean¬ 
ing  is  a  bit  more  irksome  to  me.  In  this 
version,  the  questioner  has  a  few  em¬ 
ployees  who  are  quite  talented  and  can 
finish  their  work,  but  they  specialize 
in  things  that  the  manager  doesn’t 
consider  “real  work.” 

These  employees  are  the  people 


who  neither  code  nor  test.  They  do 
the  things  that  we  learned  little  about 
in  engineering  school.  They  write  re¬ 
quirements  documents,  design  archi¬ 
tectures,  and  produce  user  and  produc¬ 
tion  support  documentation.  They  ne¬ 
gotiate  with  the  customers  rather  than 
writing  code  themselves,  they  build 
consensus  about  what  should  be  done. 

Here,  the  questioner  needs  to  re¬ 
think  his  conception  of  what  useful 
work  is.  These  people  do  a  great  deal 
of  the  heavy  lifting  that’s  truly  neces¬ 
sary  on  a  project.  If  their  manager 
thinks  that  projects  can  be  completed 
successfully  without  building  consen¬ 
sus  or  writing  user  documentation,  he 
probably  needs  to  expand  his  defini¬ 
tion  of  project  success. 

Delivering  technology  isn’t  our  job. 
Making  our  organizations  run  smooth¬ 
ly  and  efficiently  is.  Technology  is  the 
means  to  that  end.  And  if  users  need 
documentation  to  apply  our  technolo¬ 
gy,  then  writing  that  documentation  is 
“real  work”  in  my  book. 

Ten  years  ago,  I  used  to  have  these 
conversations  all  the  time  about  proj¬ 
ect  managers.  Clients  didn’t  want  to 
pay  for  them.  Project  managers  didn’t 
code,  so  no  one  knew  what  they  did. 
Clearly,  they  weren’t  real  workers. 

Luckily,  this  discussion  about  proj¬ 
ect  managers  is  much  rarer  now.  To¬ 
day,  few  would  think  of  starting  a  sig¬ 
nificant  project  without  one,  and  the 
success  rate  of  projects  is  inching  up¬ 
ward  in  our  industry. 

Just  remember,  if  we  were  to  go  to  a 
conference  of  chief  financial  officers 
(or  even  of  programmers),  we  might 
overhear  someone  asking  a  similar 
question:  “What  should  I  do  about  my 
CIO?  I  have  no  idea  what  he  does.  He 
doesn’t  produce  code,  and  we  can’t 
afford  him.”  ©  55069 


WANT  OUR  OPINION? 

OFor  more  columns  and  links  to  our  archives,  go  to 

www.computerworid.com/opinions 


PAUL  olen  is  an  1 1  man¬ 
agement  consultant  in 
los  Angeles  and  the  au¬ 
thor  of  the  award-winning 
book  Leading  Geeks: 
How  to  Manage  and  Lead 
the  People  Who  Deliver 
Technology  (Jossey-Bass 
Pfeiffer,  2003; 
www.leadlnggeeks.com ) 
He  can  be  reached  at 
info@c2-consulting.Gom. 


Find  out  how  to  get  the  most  out  of 
your  job  search  and  your  career. 
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Get  the  latest  industry  news,  as  well 
as  valuable  job-  seeking  and  career 
enhancement  advice. 


Read  about  IT-related  issues  such  as: 

-  Hiring/recruiting 

-  Education/training 

-  Consulting/contracting 

-  Skills 


Remember,  knowledge  is  power, 
and  the  Careers  Knowledge  Center 
is  the  place  to  get  it! 


Go  to  www.computerworld.com  today. 


Software  Engineer  (National 
Placement  out  of  Pittsburgh, 
PA  -  Multiple  Positions)  Analy¬ 
ze,  design,  test,  develop  and 
implement  computer  software 
applications  including  system 
administration.  Bachelor  Deg¬ 
ree  or  equivalent  in  Computer 
Science,  CIS,  MIS  or  Engin¬ 
eering  and  five  years  related 
experience  or  in  the  alternate  a 
Masters  degree  and  three 
years  of  related  experience  or 
equivalent.  Skills  in  EPIC, 
KM  ATE,  Java,  C++,  MS  Ac¬ 
cess,  Oracle  and  Windows 
2000  are  necessary.  Must  be 
able  to  relocate  to  different 
client  sites  as  needed.  9-5,  40 
hrs/wk.  Please  reference  SE 
100-CW  and  Send  resumes  to 
Attn:  HR,  Women  of  the  World 
Corporation,  LLC,  5168  Camp¬ 
bells  Run  Road,  Pittsburgh,  PA 
15205  or  email  resume  to 
iobs@wowcorp.com. 


DBA,  Oracle.  Install  support  and 
enhance  Oracle  RDBMS  in  a 
large  distributed  application 
environment.  Design,  create, 
maintain  and  tune  database, 
migrate  /  upgrade  database 
(including  data  conversion  from 
Legacy  to  Oracle)  on  various 
Oracle  versions  utilizing  Unix 
(Sun  Solaris)  and  Oracle  DBA 
tools.  Create  backup  and  recov¬ 
ery  schemes.  Ensure  the 
integrity  and  access  security. 
Assist  applications  developers  in 
troubleshooting  problems  enc¬ 
ountered  in  the  development 
process.  Requirements:  Assoc¬ 
iates  Degree  in  Computer 
Information  Technology  and  3 
years  of  experience.  Resume 
to:  Staffing  Innovations  5120 
Shoreham  PL.,  #100,  San  Diego 
CA  92122  or  fax  (858)  677-7794 


Systems  Administrator 

to  administer  university 
wired/wireless  networking 
system.  BSCS/EE  with  2 
years  of  related  exp.  in 
LAN  and  wireless  net¬ 
works,  Wi-Fi,  VoIP  imple¬ 
mentation,  wireless/sys¬ 
tems  security,  protocols, 
and  Applications/Web  ser¬ 
vers.  Send  resume  to 
UTEP  at  500  W.  University 
Ave,  El  Paso,  TX  79968, 
Attn:  Andrew  Pena.  Ref  to 
JO#35. 


IT  Manager 

Crown  Worldwide,  Inc.  seek¬ 
ing  IT  manager  in  San  Mar¬ 
cos.  Manage  daily  IT  opera¬ 
tions,  develop  management 
strategies,  and  direct  &  coor¬ 
dinate  IT  activities  abroad. 
Bachelor's  in  Computer  Sci¬ 
ence  +  2  yrs.  IT  mgmt.  exp. 
req'd.  Fluent  in  Russian  or 
Kazakh  req'd.  To  apply,  speci¬ 
fy  the  position  and  send 
resumes  to  400  Deertrail  Dr., 
San  Marcos,  TX  78666, 
ATTN:  William  R.  King,  or  by 
fax:  512-353-4467. 


Computer  Specialist/Web 
Applications  Developer 
with  proven  track  record  in 
applications  development 
for  client-server  environ¬ 
ments  to  work  out  of  our 
New  Orleans  office.  Re¬ 
sumes  to  SAIC,  1450 
Poydras  St.  #1700,  New 
Orleans,  LA  70112,  or 
www.saic.com,  referencing 
job  code  #ARM119825. 
EOE. 


IT  consulting  firm  with  HQ  in 
Vermont  has  multiple  openings 
for  IT  professionals  to  serve 
multiple  clients  throughout  the 
U.S.  Job  duties  include:  Analy¬ 
sis,  design,  development  and 
testing  of  computer  applications. 
Specific  skill  sets  needed  in¬ 
clude: 

•  .Net  developers  JO-OIO 

•  J2EE  developers  JO-020 

•  Data  warehousing  developers 
(Cognos/lnformatica,  Ablnitio/ 
Business  Objects)  JO-030 

•  Oracle  Developers/DBA 
JO- 040 

•  Siebel  Developers  JO-050 

•  ATG  Developers  JO-060 

•  Systems  Administrators 
JO-070 

•  ERP  Consultants  -  Oracle/ 
Peoplesoft/SAP  JO-080 

Positions  require  either  a  B.S. 
degree  in  a  related  field  and  1-2 
yrs.  of  exp.  w/specific  skill  sets. 
Some  entry  level  positions  are 
available  &  require  a  M  S.  de¬ 
gree  &  related  coursework  or 
exp.  Some  senior  level  positions 
are  also  available  &  require  5 
yrs.  of  progressive  exp.  Compe¬ 
titive  salaries.  Must  be  willing  to 
travel/relocate.  Send  resume  to: 
jobs@iTechUS.com.  Refer  to 
specific  JO#  for  consideration. 
Applicants  must  have  authority 
to  work  permanently  in  the  U.S. 


COMPUTER  OPERATIONS 
MANAGER  sought  by  IT  Firm 
w/MS  in  Engg/Mgmt  Sci  +  1  yrs 
exp  (alternatively  co.  willing  to 
accept  or  B.S.  in  Engg/Mgmt. 
Sci  +  5  yrs  exp  in  lieu  of  Master's 
degree  +  1  yr  exp).  Plan  &  dvlp 
policies  &  procedures  for  s/ware 
dvlpmt  &  consulting  using  .Net 
tech,  SQL  2000,  VB;  manage 
project  schedules,  identify  risks 
&  clearly  communicate  them  to 
project  stakeholders,  define 
problem  solving  &  risk  mitigation 
strategies  &  facilitate  conflict 
resolution  through  full  project 
cycle;  verify  adequacy  &  com¬ 
patibility  w/existing  h/ware  & 
s/ware  &  resolve  problems  of 
intent,  inaccuracy  &  feasibility  of 
oper .  oversee  compilation  & 
analysis  of  project  activities  & 
supv  workers  to  deliver  statisti¬ 
cal  data/reports  on  project's  fea¬ 
sibility  &  progress,  &  ensure 
document  &  network  security 
using  Oracle,  SQL  server;  eval 
trade  offs  between  tech.  & 
s/ware  platforms;  prep  &  monitor 
oper.  budgets.  9a-6p.  40  hr/wk. 
Fax  resume  to  DataSoft  Soft. 
Consul.,  1  Gateway  Center 
#2600,  Newark.  NJ  07102. 


Senior  Database  Administrators 
(Oracle  DBA  -  National  Place¬ 
ment  out  of  Pittsburgh,  PA  - 
Multiple  Positions).  Design, 
install,  configuration,  support, 
modeling  and  administration  of 
Oracle  Databases.  Bachelor 
Degree  or  equivalent  in  Compu¬ 
ter  Science,  CIS,  MIS  or  Engin¬ 
eering  and  five  years  related 
experience  or  in  the  alternate  a 
Masters  degree  and  three  years 
of  related  experience  or  equiva¬ 
lent.  Skills  in  Oracle  8.x/8i/9i / 
1 1  i,  OEM.  ERWIN,  UNIX.  PL/ 
SQL,  SQL*Loader  and  Red  Hat 
Linux  Platforms  are  necessary. 
Certification  is  preferred.  Must 
be  able  to  relocate  to  different 
client  sites  as  needed.  9-5,  40 
hrs/wk.  Please  reference  DBA 
100-CW  and  Send  resumes  to 
Attn:  HR,  Women  of  the  World 
Corporation,  LLC,  5168  Camp¬ 
bells  Run  Road,  Pittsburgh,  PA 
15205  or  email  resume  to 
jobs@wowcorp.com. 


Manhattan  Associates, 
Inc.,  a  worldwide  lead¬ 
er  in  supply  chain  exe¬ 
cution  systems  is  look¬ 
ing  for  IT  professionals 
for  our  Atlanta,  GA  & 
Burlington,  MA  loca¬ 
tions.  US  WORKERS 
ONLY.  S/W  &  Bus.  An¬ 
alysts,  Consultants  & 
DBA.  See  our  website: 
www.manh.com/careers/ 
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Continued  from  page  1 

Broadband 

The  court  ruled  in  a  6-3  vote 
that  cable  companies  don’t 
have  to  let  rivals  offer  high¬ 
speed  Internet  access  over 
their  lines.  The  majority  said 
that  because  the  law  on  the 
matter  is  ambiguous,  the  courts 
should  defer  to  the  authority  of 
the  Federal  Communications 
Commission,  which  in  2002 
classified  cable-based  broad¬ 
band  as  an  “information  ser¬ 
vice”  that  isn’t  subject  to  tele¬ 
phone  network-access  regula¬ 
tions.  An  appeals  court  had  pre¬ 
viously  ruled  against  the  FCC. 

After  the  Supreme  Court 
overturned  the  lower-court 
ruling,  FCC  Chairman  Kevin 
Martin  called  for  immediate 
steps  to  create  parity  for  tele¬ 
phone  companies  by  dropping 
the  current  requirements  that 
they  must  sell  access  to  their 
Digital  Subscriber  Line  net¬ 


works  to  rival  vendors. 

Noting  that  DSL  and  cable- 
modem  technologies  are  used 
by  many  businesses  for  net¬ 
work  backup  and  as  a  primary 
means  of  communi¬ 
cation  by  small  of¬ 
fices,  Shell  said  IT 
managers  need  more 
broadband  offerings 
to  expand  their  net¬ 
work  choices.  Using 
broadband  is  much 
cheaper  than  install¬ 
ing  T1  connections, 
added  Shell,  who  is 
also  a  vice  chairman 
of  the  Enterprise 
Networking  Tech¬ 
nologies  Users  Association 
(ENTUA)  in  Lake  Grove,  N.Y. 

George  Waters,  director  at 
large  of  the  TCA  user  group  in 
Sacramento,  said  there  isn’t 
enough  broadband  competi¬ 
tion,  especially  in  rural  mar¬ 
kets.  “When  you  want  to  get 
service  to  small  offices  in  rur¬ 
al  areas,  you’re  stuck,”  he  said, 


noting  his  recent  experience 
as  a  communications  manager 
for  the  government  of  Sonoma 
County,  Calif.,  where  he  had  to 
provision  dozens  of  sheriffs’ 
offices. 

Likewise,  Terri 
Staggs,  ENTUA’s 
president  and  a  se¬ 
nior  telecommunica¬ 
tions  analyst  at  Na¬ 
tional  Gypsum  Co. 
in  Charlotte,  N.C., 
said  she’s  worried 
that  the  ruling  might 
make  it  harder  for 
small  Internet  ser¬ 
vice  providers  to  of¬ 
fer  broadband  access 
in  remote  areas  where  business¬ 
es  can’t  find  other  providers. 

Building  out  broadband  ac¬ 
cess  is  important  to  workers 
trying  to  run  applications 
from  their  homes  and  also  will 
be  vital  for  voice-over-IP  roll¬ 
outs,  said  Staggs,  whose  user 
group  includes  members  from 
more  than  70  large  companies. 


Several  consumer  groups 
urged  Congress  to  clarify  the 
laws  related  to  broadband  ac¬ 
cess  in  order  to  ensure  that 
customers  have  choices,  argu¬ 
ing  that  the  issue  will  affect 
businesses  as  well  as  residen¬ 
tial  customers.  The  FCC,  with 
the  Supreme  Court’s  endorse¬ 
ment,  is  creating  “an  oligarchy 
run  by  the  cable  and  telephone 
companies,”  said  Ed  Mierzwin- 
ski,  consumer  program  direc¬ 
tor  for  U.S.  Public  Interest  Re¬ 
search  Groups  in  Washington. 

In  contrast,  the  Telecommu¬ 
nications  Industry  Association 
(TIA)  in  Arlington,  Va.,  said 
the  ruling  will  promote  the  ex¬ 
pansion  of  broadband  access. 
“Broadband  is  the  new  fron¬ 
tier,  and  we  feel  the  cable  and 
phone  industries  need  to  have 
[the  ability]  to  get  return  on 
investment,”  said  Grant  Seif- 
fert,  vice  president  of  external 
affairs  at  the  TIA. 

Adi  Kishore,  an  analyst  at 
The  Yankee  Group  in  Boston, 


agreed  that  the  ruling  means 
customers  will  have  fewer 
choices.  But  ultimately,  it  will 
give  cable  and  telephone  com¬ 
panies  the  incentive  to  invest 
in  faster  networks  and  more 
applications,  Kishore  said. 

Colleen  Boothby,  an  attor¬ 
ney  at  Washington-based 
Levine,  Blaszak,  Block  & 
Boothby  LLP  who  represented 
the  TIA  in  the  case,  said  that  if 
the  ruling  had  gone  the  other 
way,  any  provider  of  network 
services  could  have  been  sub¬ 
ject  to  regulations  and  associ¬ 
ated  taxes  and  fees. 

But  Boothby  also  said  that 
the  next  steps  by  the  FCC  will 
have  to  be  watched  carefully, 
because  a  “duopoly”  of  cable 
and  telephone  companies  isn’t 
competitive  enough.  ©  55345 


MORE  THIS  ISSUE 

Frank  Hayes  says  the  Supreme  Court's 
ruling  on  file-sharing  networks  declared 
open  season  on  piracy,  not  on  the 
technology  itself.  Page  38 


TERRI  STAGGS  says 
wider  broadband 
access  is  important 
for  telecommuters 
and  VoIP  users. 


Continued  from  page  1 

AMD 

In  its  48-page  complaint, 
Sunnyvale,  Calif. -based  AMD 
claimed  that  its  sales  of  proc¬ 
essors  to  hardware  vendors 
for  desktops,  laptops  and 
servers  are  being  hurt  by  the 
use  of  exclusive  deals  and  co¬ 
ercion  on  the  part  of  Intel. 
AMD’s  Japanese  subsidiary 
made  similar  allegations  of 
anticompetitive  acts  in  a  com¬ 
plaint  filed  against  Intel’s 
Japanese  unit  in  a  Tokyo  court. 

“Buyers  have  no  choice  but 
Intel  [now],”  said  Roger  Kay, 
an  analyst  at  Framingham, 
Mass.-based  IDC.  “If  they 
could  pit  the  two  together, 
they  could  get  a  better  price.” 

It’s  no  great  secret  that  Intel 
gives  so-called  market  devel¬ 
opment  funds  to  PC  vendors 
to  support  marketing  activities 
involving  systems  based  on  its 
chips,  Kay  said.  But  proving 
that  the  funding  is  dependent 
on  maintaining  an  exclusive 


relationship  with  Intel  or  ful¬ 
filling  a  quota  for  its  chips 
could  require  more  than  just 
producing  evidence  about 
“suspicious-looking  behav¬ 
iors,”  Kay  said. 

“In  a  market  where  there  is 
competition,  which  supplier  is 
not  going  to  offer  some  kind  of 
benefit  [to  its  customers]  if 
they  are  prepared  to  commit 
to  some  kind  of  exclusivity?” 
said  Brian  Gammage,  an  ana¬ 
lyst  at  Gartner  Inc. 

In  its  lawsuit,  AMD  listed 
nearly  40  major  vendors  that  it 
claims  have  been  adversely  af¬ 
fected  by  Intel’s  business  prac¬ 
tices.  The  lawsuit  contends 
that  Intel  used  its  market  pow¬ 
er  to  force  hardware  vendors 
to  limit  or  exclude  the  use  of 
AMD’s  chips  in  their  systems 
—  a  process  that  the  lawsuit 
refers  to  as  “knee-capping.” 

For  example,  Dell  Inc.  does 
not  offer  any  AMD-based  sys¬ 
tems  —  a  fact  that  Dell  execu¬ 
tives  have  partly  attributed  to 
a  desire  to  maintain  the  pric¬ 
ing  deals  they  get  from  Intel. 


IBM  does  use  AMD’s  Opteron 
processor  in  some  of  its  serv¬ 
ers,  including  a  blade  device 
that  it  introduced  last  month. 
But  IBM  said  then  that  it  would 
continue  to  limit  its  marketing 
of  the  Opteron-based  systems 
to  high-performance  technical 
computing  applications. 

IT  managers  have  enough 
clout  with  server  vendors  to 
convince  most  of  them  to  offer 
systems  with  Opteron,  accord¬ 
ing  to  Charles  Diamond,  a 
partner  at  O’Melveny  &  My¬ 
ers  LLP,  AMD’s  lead  outside 

Just  like 
Standard  Oil 
and  Alcoa 
before  it, 
for  over  a  decade  Intel 
has  unlawfully  maintained 
its  monopoly  by  engaging 
in  a  relentless,  worldwide 
campaign  to  coerce  cus¬ 
tomers  to  refrain  from 
dealing  with  AMD. 


FROM  THE  ANTITRUST  LAWSUIT 

that  AMD  filed  against  Intel 


counsel  on  the  lawsuit. 

But  the  same  isn’t  true  in 
the  PC  market,  Diamond  said. 
IT  buyers  who  deal  with  the 
top  PC  vendors  have  only  Intel- 
based  products  to  choose 
from,  he  said,  claiming  that 
this  deprives  users  of  options 
and  drives  up  costs.  “If  that’s 
not  harm  to  consumers,  I  don’t 
know  what  harm  to  con¬ 
sumers  is,”  Diamond  said. 

Paul  Otellini,  Intel’s  presi¬ 
dent  and  CEO,  said  in  a  state¬ 
ment  that  Intel  officials  “un¬ 
equivocally  disagree  with 

Intel  believes 
in  competing 
fairly  and 
believes  con¬ 
sumers  are  benefiting  from 
this  vigorous  competition. 
AMD  has  chosen,  once 
again,  to  complain  to  a 
court  about  Intel’s  success 
with  a  legal  case  full  of 
excuses  and  speculation. 


FROM  A  STATEMENT  that  Intel 
issued  after  the  suit  was  filed 


AMD’s  claims”  and  expect  the 
lawsuit  to  be  resolved  in  In¬ 
tel’s  favor.  “We  compete  ag¬ 
gressively  and  fairly,”  Otellini 
said.  “This  will  not  change.” 

In  March,  though,  the  Japan 
Fair  Trade  Commission  ruled 
that  Intel  had  abused  its  mo¬ 
nopoly  power  in  that  country’s 
microprocessor  market.  At  the 
time,  Intel  said  it  disagreed 
with  the  findings  but  pledged 
to  refrain  from  several  types  of 
business  practices. 

But  private  antitrust  cases 
are  settled  out  of  court  95%  of 
the  time,  said  Rod  Thompson, 
an  attorney  at  Farella  Braun  & 
Martel  LLP  in  San  Francisco. 
He  also  noted  that  AMD  is 
asking  for  a  jury  trial,  which 
usually  requires  much  more 
preparation  time.  ©  55353 


Material  from  the  IDG  News 
Service  was  used  in  this  story. 


OUR  TAKE 

Don  Tennant  feels  a  lot  of  disgust  about 
the  AMD-Intel  situation.  And  it  isn’t  all 
directed  at  Intel.  Page  14 
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FRANK  HAYES  ■  FRANKLY  SPEAKING 


Pirate  Justice 


DID  YOU  LISTEN  to  the  news  last  Monday,  or  read  the 
papers  the  next  day?  Did  you  get  the  impression  that 
the  U.S.  Supreme  Court  has  declared  open  season  on 
file-sharing  networks  that  might  be  used  for  piracy? 
You  probably  did  —  that’s  how  the  story  was  reported 
on  CNN,  in  USA  Today  and  by  the  major  news  services. 

They  got  it  wrong.  Backward,  in  fact.  The  Supreme  Court  said 
explicitly  that  file-sharing  technology  isn’t,  in  itself,  illegal.  Even  if 
it  is  used  to  infringe  copyrights.  To  put  the  court’s  point  simply: 
Technology  doesn’t  infringe  copyrights.  People  infringe  copyrights. 


And  in  the  cases  of  Grokster  and  Morpheus, 
the  court  said  the  people  who  created  those 
particular  file-sharing  networks  were  so  egre¬ 
gious  in  advertising  their  support  for  illegally 
trading  copyrighted  material  that  they  could  be 
sued  for  contributing  to  that  piracy. 

What  about  the  file-sharing  technology 
itself?  Not  a  problem,  said  the  justices.  In  fact, 
the  court’s  unanimous  opinion  starts  talking 
about  the  benefits  and  legal  uses  of  point-to- 
point  networks  on  its  very  first  page. 

The  problem  isn’t  the  technology,  the  court 
said.  The  problem  is  the  mountain  of  evidence 
that  Grokster  and  StreamCast  Networks  (the 
Morpheus  people)  obviously  intended  to  sup¬ 
port  piracy.  And  for  that,  those  companies  will 
have  to  face  the  music. 

It’s  easy  to  see  how  news  reporters  got  the 
story  wrong,  though.  On  one  side,  the  music 
and  movie  industries  were  crowing  about  their 
great  victory  over  file  sharing.  On  the  other 
side,  IT  vendors  were  moaning  that  now  any 
company  with  technology  that  might  be  used 
illegally  will  live  in  fear  of  lawsuits.  Reporters 
likely  figured  that  these  people  knew  what  they 
were  talking  about. 

But  there  was  no  great  victory 
over  file  sharing  —  just  over  Grok¬ 
ster  and  StreamCast.  And  there’s  no 
cloud  hanging  over  all  new  tech¬ 
nologies  —  only  over  companies 
that  invite,  encourage  and  support 
stealing  copyrighted  material. 

Music  and  movie  companies 
should  crow  while  they  can.  From 
now  on,  they’ll  have  to  prove  that 
a  file-sharing  network’s  operators 
clearly  intended  the  network  to  be 
used  illegally.  That  could  be  tough 
with  targets  like  Kazaa,  which 


explicitly  forbids  swapping  copyrighted  materi¬ 
al  in  its  click-through  license  agreement. 

And  tech  companies  shouldn’t  be  moaning. 
They  should  be  glad  the  Supreme  Court  under¬ 
stands  the  importance  of  new  technologies. 

Look,  these  justices  are  setting  a  standard  for 
the  entire  U.S.  court  system.  And  that  standard 
is  very  tech-friendly  —  and  tech-sawy.  Three 
of  the  justices  went  out  of  their  way  to  say  that 
CD  burners,  digital  video  recorders,  MP3  play¬ 
ers,  Internet  search  engines  and  peer-to-peer 
software  are  all  legal  (and  to  mention  that  cable 
descramblers  aren’t). 

In  1984,  the  Supreme  Court  ruled  that  Sony 
couldn’t  be  held  liable  just  because  the  VCRs 
it  sold  could  be  misused.  In  fact,  an  estimated 
90%  of  VCR  use  was  for  illegal  copying.  But 
Sony  hadn’t  promoted  the  machines  for  that.  So 
the  court  gave  Sony  the  benefit  of  the  doubt. 

Twenty-one  years  later,  the  court  still  gives 
new  technologies  —  and  the  companies  that 
sell  them  —  that  benefit.  Why?  The  justices 
understand  that  technologies  grow,  change 
and  mature.  Early  on  they  may  be  used  for 
piracy,  but  new,  legitimate  uses  will  never  be 
discovered  if  they’re  never  given 
a  fair  chance. 

This  court  understands  the  need 
to  protect  copyrights.  But  it’s  will¬ 
ing  to  protect  and  nurture  new 
technologies,  even  if  they’re  used 
for  piracy.  Just  not  if  they’re  used 
to  promote  piracy. 

So  when  you  hear  someone 
lamenting  the  Grokster  decision, 
pass  along  the  good  news:  The 
Supreme  Court  hasn’t  declared 
open  season  on  file-sharing  net¬ 
works  or  any  other  technology. 

Just  pirates.  ©  55307 


frank  hayes,  Computer- 
world  s  senior  news  colum¬ 
nist.  has  covered  IT  for  more 
than  20  years.  Contact  him  at 

frank.hayes@computerwoiid.com. 


This  Fascinating  Business  of  IT 


It’s  Saturday  night,  and  this  pilot  fish  works  into  the 
wee  hours  helping  to  verify  some  device  information 
in  the  data  center.  “My  boss  would  read  off  a  list  of  de¬ 
vice  numbers,  and  I’d  check  them  against  another  dis¬ 
play,”  fish  says.  “The  list  had  at  least  a  hundred  num¬ 
bers.  My  boss  kept  reading  and,  hearing  nothing  from 
me,  assumed  everything  was  checking  out.  Only  when 
he  got  to  the  end  did  he  notice  I  had  nodded  off!” 


Got  Change? 

User  calls  help 
desk  pilot  fish  to 
complain  that 
when  he  prints  a 
document,  the  text  cov¬ 
ers  the  logo  on  the  com¬ 
pany  stationery.  How  far 
down  the  page  does  the 
logo  go?  fish  asks.  “Nine 
inches,"  user  says.  Fish 
knows  that’s  not  right, 
so  he  tells  user  to  hold  a 
$1  bill  against  the  page 
to  determine  how  far 
down  the  bill  the  compa¬ 
ny  logo  extends.  User 
fumbles  for  wallet  and 
then  replies,  “I  can’t  do 
this.”  Why  not?  fish 
asks.  “All  I  have  is  $5.” 

That’ll  Help 

Junior  tech  to  senior 
tech  pilot  fish:  “My  boss 
can’t  send  or  receive 
e-mail  since  he  migrated 
to  the  new  mail  system." 
Fish:  Did  you  run  the 
migration  tool  we  sent 
you?  Junior  tech:  “No,  I 
forwarded  that  e-mail  to 
my  boss.” 

Double  Up 

Pilot  fish  arrives  home 
one  afternoon  to  discov¬ 
er  that  her  water  service 
has  been  disconnected 
for  nonpayment.  But  I 
paid  the  bill  online,  fish 
tells  clerk  at  the  water 
company.  “Oh,"  says 
sympathetic  clerk. 

“Well,  our  system  has 
issues.  It  may  show  on 
our  Web  site  and  at  your 


bank  that 
you’ve  made 
the  payment,  , 
but  it  doesn’t 
always  show 
i  in  our  records.  We  rec- 
j  ommendthatifyou 
!  choose  to  pay  online, 
j  you  should  call  us  to 
|  tell  us  you  did  that.” 

|  Wrong  Homer 

j  This  data  center  has 
j  a  tradition  of  naming 
j  its  servers  for  Greek 
j  philosophers  and 
j  writers,  says  a  pilot  fish 
j  working  there:  “Aristo- 
j  tie,  Plato,  Socrates, 
j  Sophocles  and  Homer, 
j  But  somebody  unclear 
j  on  the  concept  was 
j  allowed  to  name  the 
j  most  recently  acquired 
j  servers  as  we  expanded: 

I  Bart,  Lisa,  Marge  and 
j  Maggie.” 

I  What’s  It  For? 

j  Part  of  this  ATM  network 
j  goes  down  one  night 
j  because  a  component 
j  failed,  and  tech  pilot  fish 
j  is  amazed  to  learn  that 
j  the  manager  won’t  swap 
j  in  the  spare  to  restore 
|  service.  “She  decided 
j  instead  to  wait  until 
j  morning,  when  a  service 
j  call  by  the  vendor  would 
j  be  covered  under  con- 
i  tract,”  fish  grumbles, 
i  “When  asked  why  she 
I  didn’t  authorize  the 
i  spare  to  be  used,  she 
j  said  she  didn’t  want  to 
I  be  left  without  a  spare.” 


SHARK 

TANK*. 


OD0NT  LEAVE  SHARKY  WITHOUT  true  tales  of  IT 

life.  Send  yours  to  sharky@computerworld.com. 
You'll  get  a  stylish  Shark  shirt  if  I  use  it.  And  check  out  the 
daily  feed,  browse  the  Sharkives  and  sign  up  for  Shark  Tank 
home  delivery  at  computerworld.com/sharky. 


Got  Questions  About 
Enterprise  Data  Analytics? 


Computerworld’s  IT  Management  Summit  Has  the  Answers 


Looking  to  better  understand  enterprise 
analytics?  Apply  to  attend  Computerworld’s 
complimentary*  half-day  IT  Management 
Summit:  Beyond  Business  Intelligence. 

Enterprise  analytics  enable  companies  to 
make  timely  fact-based  decisions  using 
critical  information  from  across  the  entire 
organization.  By  fully  leveraging  data, 
technology,  skills  and  processes,  successful 
users  of  enterprise  analytics  go  beyond 
simply  understanding  the  past,  to  predicting 
outcomes  that  improve  overall  corporate 
performance. 

This  summit  will  feature  the  latest  insights 
of  business  intelligence  industry  experts  and 
will  give  you  first-hand  information  on  the 
innovations  and  experiences  of  companies 
successfully  deploying  enterprise  analytics. 

*  Complimentary  registration  is  restricted  to 
qualified  IT  managers  only. 


Apply  for  registration  today 

Contact  Chris  Leger  at  888-299-0155 
or  visit:  www.itmanagementsummit.com 


Beyond  Business  Intelligence: 
Using  Enterprise  Analytics  to  Drive 
Fact-Based  Decisions 


Washington,  D.C.  •  July  12,  2005 

Marriott  Bethesda  North  Conference  Center  • 
5701  Marinelli  Road  •  North  Bethesda,  Maryland 


7:45am  to  8:15am  Registration  and  Networking  Breakfast 


8:15am  to  8:25am  Introduction  and  Overview 

Julia  King,  Executive  Editor,  Events,  and  National 
Correspondent,  Computerworld 


8:25am  to  8:55am  Trends  in  Enterprise  Analytics: 

An  Industry  Analyst’s  Overview 

Keith  Gile,  Principal  Analyst,  Forrester  Research 


8:55am  to  9:25am  Case  Study:  United  States  Census  Bureau 

Blake  Sanders,  Branch  Chief  of  System  Design  and  Support, 
Foreign  Trade  Division,  United  States  Census  Bureau 

9:25am  to  10:15am  How  Technology  is  Transforming 
Business  Intelligence 

Rob  Stephens,  Director,  Technology  Strategy,  SAS 
Michael  Tillema,  Business  Intelligence  Strategist,  Intel 

1 0: 1 5am  to  1 0:45am  Refreshment  and  Networking  Break 

10:45am  to  1 1:15am  Case  Study:  The  Nature  Conservancy 

Connor  Baker,  Director  of  Business  Information, 

The  Nature  Conservancy 

11:1 5am  to  Noon  Panel  Discussion  -  From  Gut  Feel  to  Fact-Based 
Decisions:  Real-Life  Business,  Political  and 
Technology  Lessons  Learned  on  the  Front  Lines 
of  Enterprise  Analytics 

Moderator:  Julia  King,  Executive  Editor,  Events,  and  National 
Correspondent,  Computerworld 


Selected 

speakers  include: 


Connor  Baker 
Director  of  Business 
Information,  The  Nature 
Conservancy 


Blake  Sanders 
Branch  Chief  of  System  Design 
and  Support,  Foreign  Trade 
Division,  United  States  Census 
Bureau 


Keith  Gile 
Principal  Analyst, 
Forrester  Research 


Rob  Stephens 

Director,  Technology  Strategy, 

SAS 


Michael  Tillema 

Business  Intelligence  Strategist, 

Intel 


Panelists: 

■  Blake  Sanders,  Branch  Chief  of  System  Design  and  Support, 
Foreign  Trade  Division,  United  States  Census  Bureau 

•  Connor  Baker,  Director  of  Business  Information, 

The  Nature  Conservancy 

•  Keith  Gile,  Principal  Analyst,  Forrester  Research 

•  Rob  Stephens,  Director,  Technology  Strategy,  SAS 

•  Michael  Tillema,  Business  Intelligence  Strategist,  Intel 

Program  Concludes 

Exclusively  sponsored  by 

asas^  intJ 

The  Power  to  Know* 

SAS  and  all  other  SAS  Institute  Inc.  product  or  service  names  are  registered  trademarks 
or  trademarks  of  SAS  Institute  Inc.  in  the  USA  and  other  countries.  ®  indicates  USA 
registration.  Other  brand  and  product  names  are  trademarks  of  their  respective  compa¬ 
nies.  Intel  and  the  Intel  logo  are  trademarks  or  registered  trademarks  of  Intel 
Corporation  or  its  subsidiaries  in  the  United  States  and  other  countries. 


Julia  King 

Executive  Editor,  Events,  and 
National  Correspondent 
Computerworld 


This  program  wilS 
also  take  place  in: 

Chicago,  Illinois 
July  26,  2005 

New  York,  New  York 
August  9,  2005 

San  Francisco,  California 
September  20.  2005 
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DB2.  ONLY  THE  PERFORMANCE  IS  HIGH. 

DB2  has  done  it  again.  According  to  a  Market  Magic  Study, 
DB2  costs  “on  average  22%  less  than  Oracle.”1 

The  Transaction  Processing  Performance  Council  results 
show  that  DB2  and  eServer'“  p5-595  are  more  than  twice 
as  scalable  as  Oracle  Real  Application  Clusters,  making 
them  the  overwhelming  performance  and  scalability 
leader  forTPC-C.2  And  an  ITG  study  showed  overall  costs 
for  Oracle  Database  up  to  four  times  higher  than  DB2.3 

No  wonder  DB2  is  regarded  as  the  leading  database  built 
on  and  optimized  for  Linuxt  UNIX’  and  Windows!  Like 
other  IBM  database  engine  products  such  as  Informix® 
and  Cloudscape'”  DB2  is  part  of  an  innovative  family  of 
information  management  products  that  integrates  and 
can  actually  add  insight  to  your  data. 


It  takes  full  advantage  of  your  existing  heterogeneous 
and  open  environments,  while  its  leading-edge 
autonomic  computing  technology  means  increased 
reliability,  increased  programmer  productivity  and 
decreased  deployment  and  management  costs. 

One  more  thing:  Oracle  desupported  Oracle  Database  8i 
last  year,  meaning  potential  headaches,  higher  cost  or 
a  complete  migration  to  current  versions  of  Oracle. 
Fortunately,  IBM  offers  ongoing,  around-the-clock  service 
and  support  for  DB2. 

Why  not  move  up  to  middleware  that  makes  sense?  Now  you 
can  get  IBM  DB2  Universal  Database  or  Informix  by  taking 
advantage  of  our  extremely  compelling  trade-up  program. 
Visit  ibm.com/db2/swap  today  to  find  out  if  you  qualify. 


0J  DEMAND  BUSINESS 


IBM,  the  IBM  logo,  DB2,  eServer.  Informix,  Cloudscape  and  the  On  Demand  logo  are  trademarks  or  registered  trademarks  of  International  Business  Machines  Corporation  in  the  United 
States  and  other  countries.  Linux  is  a  registered  trademark  of  Linus  Torvalds.  Microsoft  and  Windows  are  registered  trademarks  of  Microsoft  Corporation  in  the  United  States  and/or  other 
countries.  UNIX  is  a  registered  trademark  of  The  Open  Group  in  the  United  States  and/or  other  countries.  Other  company,  product  and  service  names  may  be  trademarks  or  service  marks 
of  others,  ©2005  IBM  Corporation.  All  rights  reserved.  ’"Database  Comparative  Cost  of  Ownership,"  January  2003.  Market  Magic  Ltd.  -All  referenced  results  are  current  as  of  12/14/04.  DB2 
UDB  v8.2  on  IBM  eServer  p5  595  (64-way  POWER5  1.9  GHz)  and  AIX  5.3L:  3,210,540  tpmC  @  S5.19/tpmC  available:  May  15. 2005,  vs.  Oracle  RAC  lOg  on  HP  Integrity  rx5670  Cluster  64P 
(16  x  4-way  Intel  Itanium2  6M  1.5GHz):  1,184.893  tpmC  @  $5.52/tpmC  available:  April  30,  2004:  TPC  Benchmark.  TPC-C,  tpmC  are  trademarks  of  the  Transaction  Processing  Performance 
Council.  For  further TPC-related  information,  please  see  http://www.tpc.org/.  ’“IBM  Solutions  for  PeopleSoft  Deployment  in  Mid-sized  Businesses  Quantifying  the  New  Cost/Benefit  Equation," 
July  2003,  International  Technology  Group,  Los  Altos,  California. 


